*/
/*
- If OPENCLOSE is defined, each of the functions opens and closes the
- file whenever it needs to access it. Otherwise, the file is opened
- once in initialize and closed once is close.
-
- This library depends on UNIX-like file descriptors, and UNIX-like
- behavior from the functions: open, close, read, write, lseek.
-
- The quasi-BNF grammar for a credentials cache:
-
- file ::=
- principal list-of-credentials
-
- credential ::=
- client (principal)
- server (principal)
- keyblock (keyblock)
- times (ticket_times)
- is_skey (boolean)
- ticket_flags (flags)
- ticket (data)
- second_ticket (data)
-
- principal ::=
- number of components (int32)
- component 1 (data)
- component 2 (data)
- ...
-
- data ::=
- length (int32)
- string of length bytes
-
- etc.
-*/
-/* todo:
- Make sure that each time a function returns KRB5_NOMEM, everything
- allocated earlier in the function and stack tree is freed.
-
- File locking
-
- Use pread/pwrite if available, so multiple threads can read
- simultaneously. (That may require reader/writer locks.)
-
- fcc_nseq.c and fcc_read don't check return values a lot.
-*/
+ * A psuedo-BNF grammar for the FILE credential cache format is:
+ *
+ * file ::=
+ * version (2 bytes; 05 01 for version 1 through 05 04 for version 4)
+ * header [not present before version 4]
+ * principal
+ * credential1
+ * credential2
+ * ...
+ *
+ * header ::=
+ * headerlen (16 bits)
+ * header1tag (16 bits)
+ * header1len (16 bits)
+ * header1val (header1len bytes)
+ *
+ * See ccmarshal.c for the principal and credential formats. Although versions
+ * 1 and 2 of the FILE format use native byte order for integer representations
+ * within principals and credentials, the integer fields in the grammar above
+ * are always in big-endian byte order.
+ *
+ * Only one header tag is currently defined. The tag value is 1
+ * (FCC_TAG_DELTATIME), and its contents are two 32-bit integers giving the
+ * seconds and microseconds of the time offset of the KDC relative to the
+ * client.
+ *
+ * If the OPENCLOSE flag is set (as it is by default), each of the file ccache
+ * functions opens and closes the file whenever it needs to access it.
+ * Otherwise, the file is opened once in initialize and closed once in close.
+ *
+ * This module depends on UNIX-like file descriptors, and UNIX-like behavior
+ * from the functions: open, close, read, write, lseek.
+ */
+
#include "k5-int.h"
#include "cc-int.h"
#include <unistd.h>
#endif
-#ifdef HAVE_NETINET_IN_H
-#if !defined(_WIN32)
-#include <netinet/in.h>
-#else
-#include "port-sockets.h"
-#endif
-#else
-# error find some way to use net-byte-order file version numbers.
-#endif
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_close
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_destroy
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_end_seq_get
-(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_generate_new
-(krb5_context, krb5_ccache *id);
-
-static const char * KRB5_CALLCONV krb5_fcc_get_name
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_get_principal
-(krb5_context, krb5_ccache id, krb5_principal *princ);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_initialize
-(krb5_context, krb5_ccache id, krb5_principal princ);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_next_cred
-(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds);
-
-static krb5_error_code krb5_fcc_read
-(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
-static krb5_error_code krb5_fcc_read_principal
-(krb5_context, krb5_ccache id, krb5_principal *princ);
-static krb5_error_code krb5_fcc_read_keyblock
-(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
-static krb5_error_code krb5_fcc_read_data
-(krb5_context, krb5_ccache id, krb5_data *data);
-static krb5_error_code krb5_fcc_read_int32
-(krb5_context, krb5_ccache id, krb5_int32 *i);
-static krb5_error_code krb5_fcc_read_ui_2
-(krb5_context, krb5_ccache id, krb5_ui_2 *i);
-static krb5_error_code krb5_fcc_read_octet
-(krb5_context, krb5_ccache id, krb5_octet *i);
-static krb5_error_code krb5_fcc_read_times
-(krb5_context, krb5_ccache id, krb5_ticket_times *t);
-static krb5_error_code krb5_fcc_read_addrs
-(krb5_context, krb5_ccache, krb5_address ***);
-static krb5_error_code krb5_fcc_read_addr
-(krb5_context, krb5_ccache, krb5_address *);
-static krb5_error_code krb5_fcc_read_authdata
-(krb5_context, krb5_ccache, krb5_authdata ***);
-static krb5_error_code krb5_fcc_read_authdatum
-(krb5_context, krb5_ccache, krb5_authdata *);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_resolve
-(krb5_context, krb5_ccache *id, const char *residual);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_retrieve
-(krb5_context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds *mcreds, krb5_creds *creds);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_start_seq_get
-(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_store
-(krb5_context, krb5_ccache id, krb5_creds *creds);
-
-static krb5_error_code krb5_fcc_skip_header
-(krb5_context, krb5_ccache);
-static krb5_error_code krb5_fcc_skip_principal
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_set_flags
-(krb5_context, krb5_ccache id, krb5_flags flags);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_new
-(krb5_context context, krb5_cc_ptcursor *cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_next
-(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_free
-(krb5_context context, krb5_cc_ptcursor *cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_last_change_time
-(krb5_context context, krb5_ccache id, krb5_timestamp *change_time);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_lock
-(krb5_context context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock
-(krb5_context context, krb5_ccache id);
-
-
extern const krb5_cc_ops krb5_cc_file_ops;
-krb5_error_code krb5_change_cache (void);
-
-static krb5_error_code krb5_fcc_write
-(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
-static krb5_error_code krb5_fcc_store_principal
-(krb5_context, krb5_ccache id, krb5_principal princ);
-static krb5_error_code krb5_fcc_store_keyblock
-(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
-static krb5_error_code krb5_fcc_store_data
-(krb5_context, krb5_ccache id, krb5_data *data);
-static krb5_error_code krb5_fcc_store_int32
-(krb5_context, krb5_ccache id, krb5_int32 i);
-static krb5_error_code krb5_fcc_store_ui_4
-(krb5_context, krb5_ccache id, krb5_ui_4 i);
-static krb5_error_code krb5_fcc_store_ui_2
-(krb5_context, krb5_ccache id, krb5_int32 i);
-static krb5_error_code krb5_fcc_store_octet
-(krb5_context, krb5_ccache id, krb5_int32 i);
-static krb5_error_code krb5_fcc_store_times
-(krb5_context, krb5_ccache id, krb5_ticket_times *t);
-static krb5_error_code krb5_fcc_store_addrs
-(krb5_context, krb5_ccache, krb5_address **);
-static krb5_error_code krb5_fcc_store_addr
-(krb5_context, krb5_ccache, krb5_address *);
-static krb5_error_code krb5_fcc_store_authdata
-(krb5_context, krb5_ccache, krb5_authdata **);
-static krb5_error_code krb5_fcc_store_authdatum
-(krb5_context, krb5_ccache, krb5_authdata *);
-
-static krb5_error_code krb5_fcc_interpret
-(krb5_context, int);
-
-struct _krb5_fcc_data;
-static krb5_error_code krb5_fcc_close_file
-(krb5_context, struct _krb5_fcc_data *data);
-static krb5_error_code krb5_fcc_open_file
-(krb5_context, krb5_ccache, int);
-static krb5_error_code krb5_fcc_data_last_change_time
-(krb5_context context, struct _krb5_fcc_data *data,
- krb5_timestamp *change_time);
-
-
-#define KRB5_OK 0
-
-#define KRB5_FCC_MAXLEN 100
-
-/*
- * FCC version 2 contains type information for principals. FCC
- * version 1 does not.
- *
- * FCC version 3 contains keyblock encryption type information, and is
- * architecture independent. Previous versions are not.
- *
- * The code will accept version 1, 2, and 3 ccaches, and depending
- * what KRB5_FCC_DEFAULT_FVNO is set to, it will create version 1, 2,
- * or 3 FCC caches.
- *
- * The default credentials cache should be type 3 for now (see
- * init_ctx.c).
- */
-
-#define KRB5_FCC_FVNO_1 0x0501 /* krb v5, fcc v1 */
-#define KRB5_FCC_FVNO_2 0x0502 /* krb v5, fcc v2 */
-#define KRB5_FCC_FVNO_3 0x0503 /* krb v5, fcc v3 */
-#define KRB5_FCC_FVNO_4 0x0504 /* krb v5, fcc v4 */
+krb5_error_code krb5_change_cache(void);
+
+static krb5_error_code read_data(krb5_context, krb5_ccache id,
+ krb5_data *data);
+static krb5_error_code read32(krb5_context, krb5_ccache id, int32_t *i);
+static krb5_error_code read16(krb5_context, krb5_ccache id, uint16_t *i);
+static krb5_error_code read_addr(krb5_context context, krb5_ccache id,
+ krb5_address *addr);
+static krb5_error_code read_authdatum(krb5_context, krb5_ccache,
+ krb5_authdata *);
+static krb5_error_code store_data(krb5_context, krb5_ccache id,
+ krb5_data *data);
+static krb5_error_code store32(krb5_context, krb5_ccache id, uint32_t i);
+static krb5_error_code store16(krb5_context, krb5_ccache id, uint16_t i);
+static krb5_error_code store_addr(krb5_context, krb5_ccache, krb5_address *);
+static krb5_error_code store_authdatum(krb5_context, krb5_ccache,
+ krb5_authdata *);
+static krb5_error_code interpret_errno(krb5_context, int);
+
+#define FVNO_1 0x0501 /* krb v5, fcc v1 */
+#define FVNO_2 0x0502 /* krb v5, fcc v2 */
+#define FVNO_3 0x0503 /* krb v5, fcc v3 */
+#define FVNO_4 0x0504 /* krb v5, fcc v4 */
#define FCC_OPEN_AND_ERASE 1
#define FCC_OPEN_RDWR 2
#define FCC_OPEN_RDONLY 3
-/* Credential file header tags.
- * The header tags are constructed as:
- * krb5_ui_2 tag
- * krb5_ui_2 len
- * krb5_octet data[len]
- * This format allows for older versions of the fcc processing code to skip
- * past unrecognized tag formats.
- */
#define FCC_TAG_DELTATIME 1
#ifndef TKT_ROOT
#endif
/* macros to make checking flags easier */
-#define OPENCLOSE(id) (((krb5_fcc_data *)id->data)->flags & KRB5_TC_OPENCLOSE)
+#define OPENCLOSE(id) (((fcc_data *)id->data)->flags & KRB5_TC_OPENCLOSE)
-typedef struct _krb5_fcc_data {
+typedef struct fcc_data_st {
char *filename;
- /* Lock this one before reading or modifying the data stored here
- that can be changed. (Filename is fixed after
- initialization.) */
+
+ /* Lock this before reading or modifying the data stored here that can be
+ * changed. (Filename is fixed after initialization.) */
k5_cc_mutex lock;
- int file;
+ int fd;
krb5_flags flags;
- int mode; /* needed for locking code */
- int version; /* version number of the file */
+ int mode; /* needed for locking code */
+ int version; /* version number of the file */
- /* Buffer data on reading, for performance.
- We used to have a stdio option, but we get more precise control
- by using the POSIX I/O functions. */
+ /*
+ * Buffer data on reading, for performance. We used to have a stdio
+ * option, but we get more precise control by using the POSIX I/O
+ * functions.
+ */
#define FCC_BUFSIZ 1024
size_t valid_bytes;
size_t cur_offset;
char buf[FCC_BUFSIZ];
-} krb5_fcc_data;
+} fcc_data;
-static inline void invalidate_cache(krb5_fcc_data *data)
+/* Return the file version as an integer from 1 to 4. */
+static inline int
+version(krb5_ccache id)
+{
+ return ((fcc_data *)id->data)->version - FVNO_1 + 1;
+}
+
+/* Discard cached read information within data. */
+static inline void
+invalidate_cache(fcc_data *data)
{
data->valid_bytes = 0;
}
-static off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence)
+/* Change position within the cache file, taking into account read caching. */
+static off_t
+fcc_lseek(fcc_data *data, off_t offset, int whence)
{
- /* If we read some extra data in advance, and then want to know or
- use our "current" position, we need to back up a little. */
+ /* If we read some extra data in advance, and then want to know or use our
+ * "current" position, we need to back up a little. */
if (whence == SEEK_CUR && data->valid_bytes) {
assert(data->cur_offset > 0);
assert(data->cur_offset <= data->valid_bytes);
offset -= (data->valid_bytes - data->cur_offset);
}
invalidate_cache(data);
- return lseek(data->file, offset, whence);
+ return lseek(data->fd, offset, whence);
}
struct fcc_set {
struct fcc_set *next;
- krb5_fcc_data *data;
+ fcc_data *data;
unsigned int refcount;
};
#define MAYBE_OPEN(CONTEXT, ID, MODE) \
{ \
- k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_open_ret; \
- maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE); \
- if (maybe_open_ret) { \
- k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
- return maybe_open_ret; \
+ k5_cc_mutex_assert_locked(CONTEXT, &((fcc_data *)(ID)->data)->lock); \
+ if (OPENCLOSE(ID)) { \
+ krb5_error_code mo_ret; \
+ mo_ret = open_cache_file(CONTEXT, ID, MODE); \
+ if (mo_ret) { \
+ k5_cc_mutex_unlock(CONTEXT, &((fcc_data *)(ID)->data)->lock); \
+ return mo_ret; \
} \
} \
}
#define MAYBE_CLOSE(CONTEXT, ID, RET) \
{ \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_close_ret; \
- maybe_close_ret = krb5_fcc_close_file (CONTEXT, \
- (krb5_fcc_data *)(ID)->data); \
- if (!(RET)) RET = maybe_close_ret; } }
-
-#define MAYBE_CLOSE_IGNORE(CONTEXT, ID) \
- { \
- if (OPENCLOSE (ID)) { \
- (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
+ if (OPENCLOSE(ID)) { \
+ krb5_error_code mc_ret; \
+ mc_ret = close_cache_file(CONTEXT, (ID)->data); \
+ if (!(RET)) \
+ RET = mc_ret; \
+ } \
+ }
-#define CHECK(ret) if (ret != KRB5_OK) goto errout;
+#define CHECK(ret) if (ret) goto errout;
#define NO_FILE -1
-/*
- * Effects:
- * Reads len bytes from the cache id, storing them in buf.
- *
- * Requires:
- * Must be called with mutex locked.
- *
- * Errors:
- * KRB5_CC_END - there were not len bytes available
- * system errors (read)
- */
+/* Read len bytes from the cache id, storing them in buf. Return KRB5_CC_END
+ * if not enough bytes are present. Call with the mutex locked. */
static krb5_error_code
-krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
+read_bytes(krb5_context context, krb5_ccache id, void *buf, unsigned int len)
{
-#if 0
- int ret;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
- if (ret == -1)
- return krb5_fcc_interpret(context, errno);
- if (ret != len)
- return KRB5_CC_END;
- else
- return KRB5_OK;
-#else
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+ fcc_data *data = id->data;
k5_cc_mutex_assert_locked(context, &data->lock);
if (data->valid_bytes > 0)
assert(data->cur_offset <= data->valid_bytes);
- if (data->valid_bytes == 0
- || data->cur_offset == data->valid_bytes) {
+ if (data->valid_bytes == 0 || data->cur_offset == data->valid_bytes) {
/* Fill buffer from current file position. */
- nread = read(data->file, data->buf, sizeof(data->buf));
+ nread = read(data->fd, data->buf, sizeof(data->buf));
e = errno;
if (nread < 0)
- return krb5_fcc_interpret(context, e);
+ return interpret_errno(context, e);
if (nread == 0)
- /* EOF */
return KRB5_CC_END;
data->valid_bytes = nread;
data->cur_offset = 0;
assert(data->cur_offset > 0);
assert(data->cur_offset <= data->valid_bytes);
len -= ncopied;
- /* Don't do arithmetic on void pointers. */
- buf = (char*)buf + ncopied;
+ buf = (char *)buf + ncopied;
}
return 0;
-#endif
}
/*
* KRB5_CC_NOMEM
*/
-#define ALLOC(NUM,TYPE) \
- (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
- ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
- : (errno = ENOMEM,(TYPE *) 0))
+#define ALLOC(NUM, TYPE) \
+ (((NUM) <= (((size_t)0 - 1) / sizeof(TYPE))) ? \
+ (TYPE *)calloc((NUM), sizeof(TYPE)) : \
+ (errno = ENOMEM, (TYPE *)0))
static krb5_error_code
-krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ fcc_data *data = id->data;
krb5_error_code kret;
register krb5_principal tmpprinc;
- krb5_int32 length, type;
+ int32_t length, type;
int i;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &data->lock);
*princ = NULL;
- if (data->version == KRB5_FCC_FVNO_1) {
+ if (version(id) == 1) {
type = KRB5_NT_UNKNOWN;
} else {
- /* Read principal type */
- kret = krb5_fcc_read_int32(context, id, &type);
- if (kret != KRB5_OK)
+ /* Read principal type. */
+ kret = read32(context, id, &type);
+ if (kret)
return kret;
}
- /* Read the number of components */
- kret = krb5_fcc_read_int32(context, id, &length);
- if (kret != KRB5_OK)
+ /* Read the number of components. */
+ kret = read32(context, id, &length);
+ if (kret)
return kret;
/*
* DCE includes the principal's realm in the count; the new format
* does not.
*/
- if (data->version == KRB5_FCC_FVNO_1)
+ if (version(id) == 1)
length--;
if (length < 0)
return KRB5_CC_NOMEM;
- tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
+ tmpprinc = malloc(sizeof(*tmpprinc));
if (tmpprinc == NULL)
return KRB5_CC_NOMEM;
if (length) {
size_t msize = length;
- if (msize != (krb5_ui_4) length) {
+ if (msize != (uint32_t)length) {
free(tmpprinc);
return KRB5_CC_NOMEM;
}
- tmpprinc->data = ALLOC (msize, krb5_data);
+ tmpprinc->data = ALLOC(msize, krb5_data);
if (tmpprinc->data == 0) {
free(tmpprinc);
return KRB5_CC_NOMEM;
}
- } else
+ } else {
tmpprinc->data = 0;
+ }
tmpprinc->magic = KV5M_PRINCIPAL;
tmpprinc->length = length;
tmpprinc->type = type;
- kret = krb5_fcc_read_data(context, id, &tmpprinc->realm);
+ kret = read_data(context, id, &tmpprinc->realm);
i = 0;
CHECK(kret);
- for (i=0; i < length; i++) {
- kret = krb5_fcc_read_data(context, id, &tmpprinc->data[i]);
+ for (i = 0; i < length; i++) {
+ kret = read_data(context, id, &tmpprinc->data[i]);
CHECK(kret);
}
*princ = tmpprinc;
- return KRB5_OK;
+ return 0;
errout:
- while(--i >= 0)
+ while (--i >= 0)
free(tmpprinc->data[i].data);
free(tmpprinc->realm.data);
free(tmpprinc->data);
}
static krb5_error_code
-krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
+read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
{
krb5_error_code kret;
- krb5_int32 length;
+ int32_t length;
size_t msize;
int i;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- *addrs = 0;
+ *addrs = NULL;
/* Read the number of components */
- kret = krb5_fcc_read_int32(context, id, &length);
+ kret = read32(context, id, &length);
CHECK(kret);
/* Make *addrs able to hold length pointers to krb5_address structs
- * Add one extra for a null-terminated list
- */
+ * Add one extra for a null-terminated list */
msize = length;
msize += 1;
- if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0)
+ if (msize == 0 || msize - 1 != (uint32_t)length || length < 0)
return KRB5_CC_NOMEM;
- *addrs = ALLOC (msize, krb5_address *);
+ *addrs = ALLOC(msize, krb5_address *);
if (*addrs == NULL)
return KRB5_CC_NOMEM;
- for (i=0; i < length; i++) {
- (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+ for (i = 0; i < length; i++) {
+ (*addrs)[i] = malloc(sizeof(krb5_address));
if ((*addrs)[i] == NULL) {
krb5_free_addresses(context, *addrs);
*addrs = 0;
return KRB5_CC_NOMEM;
}
(*addrs)[i]->contents = NULL;
- kret = krb5_fcc_read_addr(context, id, (*addrs)[i]);
+ kret = read_addr(context, id, (*addrs)[i]);
CHECK(kret);
}
- return KRB5_OK;
+ return 0;
errout:
if (*addrs) {
krb5_free_addresses(context, *addrs);
}
static krb5_error_code
-krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
+read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
+ uint16_t ui2;
+ int32_t int32;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
keyblock->magic = KV5M_KEYBLOCK;
keyblock->contents = 0;
/* Enctype is signed, so sign-extend the 16-bit value we read. */
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
- keyblock->enctype = (krb5_int16) ui2;
+ kret = read16(context, id, &ui2);
+ keyblock->enctype = (int16_t)ui2;
CHECK(kret);
- if (data->version == KRB5_FCC_FVNO_3) {
+ if (version(id) == 3) {
/* This works because the old etype is the same as the new enctype. */
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
+ kret = read16(context, id, &ui2);
/* keyblock->enctype = ui2; */
CHECK(kret);
}
- kret = krb5_fcc_read_int32(context, id, &int32);
+ kret = read32(context, id, &int32);
CHECK(kret);
if (int32 < 0)
return KRB5_CC_NOMEM;
keyblock->length = int32;
/* Overflow check. */
- if (keyblock->length != (krb5_ui_4) int32)
+ if (keyblock->length != (uint32_t)int32)
return KRB5_CC_NOMEM;
- if ( keyblock->length == 0 )
- return KRB5_OK;
+ if (keyblock->length == 0)
+ return 0;
keyblock->contents = malloc(keyblock->length);
if (keyblock->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
+ kret = read_bytes(context, id, keyblock->contents, keyblock->length);
if (kret)
goto errout;
- return KRB5_OK;
+ return 0;
+
errout:
if (keyblock->contents) {
free(keyblock->contents);
}
static krb5_error_code
-krb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data)
+read_data(krb5_context context, krb5_ccache id, krb5_data *data)
{
krb5_error_code kret;
- krb5_int32 len;
+ int32_t len;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
data->magic = KV5M_DATA;
data->data = 0;
- kret = krb5_fcc_read_int32(context, id, &len);
+ kret = read32(context, id, &len);
CHECK(kret);
if (len < 0)
return KRB5_CC_NOMEM;
data->length = len;
- if (data->length != (krb5_ui_4) len || data->length + 1 == 0)
+ if (data->length != (uint32_t)len || data->length + 1 == 0)
return KRB5_CC_NOMEM;
if (data->length == 0) {
- data->data = 0;
- return KRB5_OK;
+ data->data = NULL;
+ return 0;
}
- data->data = (char *) malloc(data->length+1);
+ data->data = malloc(data->length + 1);
if (data->data == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
+ kret = read_bytes(context, id, data->data, data->length);
CHECK(kret);
data->data[data->length] = 0; /* Null terminate, just in case.... */
- return KRB5_OK;
+ return 0;
+
errout:
if (data->data) {
free(data->data);
}
static krb5_error_code
-krb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
+read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
{
krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
+ uint16_t ui2;
+ int32_t int32;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
addr->magic = KV5M_ADDRESS;
addr->contents = 0;
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
+ kret = read16(context, id, &ui2);
CHECK(kret);
addr->addrtype = ui2;
- kret = krb5_fcc_read_int32(context, id, &int32);
+ kret = read32(context, id, &int32);
CHECK(kret);
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
addr->length = int32;
- /* Length field is "unsigned int", which may be smaller than 32
- bits. */
- if (addr->length != (krb5_ui_4) int32)
+ /* Length field is "unsigned int", which may be smaller than 32 bits. */
+ if (addr->length != (uint32_t)int32)
return KRB5_CC_NOMEM; /* XXX */
if (addr->length == 0)
- return KRB5_OK;
+ return 0;
- addr->contents = (krb5_octet *) malloc(addr->length);
+ addr->contents = malloc(addr->length);
if (addr->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_fcc_read(context, id, addr->contents, addr->length);
+ kret = read_bytes(context, id, addr->contents, addr->length);
CHECK(kret);
- return KRB5_OK;
+ return 0;
+
errout:
if (addr->contents) {
free(addr->contents);
return kret;
}
+/* Load four bytes from the cache file and return their value as a 32-bit
+ * signed integer according to the file format. */
static krb5_error_code
-krb5_fcc_read_int32(krb5_context context, krb5_ccache id, krb5_int32 *i)
+read32(krb5_context context, krb5_ccache id, int32_t *out)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code retval;
- unsigned char buf[4];
+ krb5_error_code ret;
+ char bytes[4];
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
- else {
- retval = krb5_fcc_read(context, id, buf, 4);
- if (retval)
- return retval;
- *i = load_32_be (buf);
- return 0;
- }
+ ret = read_bytes(context, id, bytes, 4);
+ if (ret)
+ return ret;
+ *out = (version(id) < 3) ? load_32_n(bytes) : load_32_be(bytes);
+ return 0;
}
+/* Load two bytes from the cache file and return their value as a 16-bit
+ * unsigned integer according to the file format. */
static krb5_error_code
-krb5_fcc_read_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 *i)
+read16(krb5_context context, krb5_ccache id, uint16_t *out)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code retval;
- unsigned char buf[2];
+ krb5_error_code ret;
+ char bytes[2];
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
- else {
- retval = krb5_fcc_read(context, id, buf, 2);
- if (retval)
- return retval;
- *i = load_16_be (buf);
- return 0;
- }
+ ret = read_bytes(context, id, bytes, 2);
+ if (ret)
+ return ret;
+ *out = (version(id) < 3) ? load_16_n(bytes) : load_16_be(bytes);
+ return 0;
}
static krb5_error_code
-krb5_fcc_read_octet(krb5_context context, krb5_ccache id, krb5_octet *i)
+read_octet(krb5_context context, krb5_ccache id, unsigned char *i)
{
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- return krb5_fcc_read(context, id, (krb5_pointer) i, 1);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
+ return read_bytes(context, id, i, 1);
}
-
static krb5_error_code
-krb5_fcc_read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
+read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ fcc_data *data = id->data;
krb5_error_code retval;
- krb5_int32 i;
+ int32_t i;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
- else {
- retval = krb5_fcc_read_int32(context, id, &i);
+ if (data->version == FVNO_1 || data->version == FVNO_2) {
+ return read_bytes(context, id, t, sizeof(krb5_ticket_times));
+ } else {
+ retval = read32(context, id, &i);
CHECK(retval);
t->authtime = i;
- retval = krb5_fcc_read_int32(context, id, &i);
+ retval = read32(context, id, &i);
CHECK(retval);
t->starttime = i;
- retval = krb5_fcc_read_int32(context, id, &i);
+ retval = read32(context, id, &i);
CHECK(retval);
t->endtime = i;
- retval = krb5_fcc_read_int32(context, id, &i);
+ retval = read32(context, id, &i);
CHECK(retval);
t->renew_till = i;
}
}
static krb5_error_code
-krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
+read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
{
krb5_error_code kret;
- krb5_int32 length;
+ int32_t length;
size_t msize;
int i;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
*a = 0;
/* Read the number of components */
- kret = krb5_fcc_read_int32(context, id, &length);
+ kret = read32(context, id, &length);
CHECK(kret);
if (length == 0)
- return KRB5_OK;
+ return 0;
/* Make *a able to hold length pointers to krb5_authdata structs
- * Add one extra for a null-terminated list
- */
+ * Add one extra for a null-terminated list. */
msize = length;
msize += 1;
- if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0)
+ if (msize == 0 || msize - 1 != (uint32_t)length || length < 0)
return KRB5_CC_NOMEM;
- *a = ALLOC (msize, krb5_authdata *);
+ *a = ALLOC(msize, krb5_authdata *);
if (*a == NULL)
return KRB5_CC_NOMEM;
- for (i=0; i < length; i++) {
- (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ for (i = 0; i < length; i++) {
+ (*a)[i] = malloc(sizeof(krb5_authdata));
if ((*a)[i] == NULL) {
krb5_free_authdata(context, *a);
*a = NULL;
return KRB5_CC_NOMEM;
}
(*a)[i]->contents = NULL;
- kret = krb5_fcc_read_authdatum(context, id, (*a)[i]);
+ kret = read_authdatum(context, id, (*a)[i]);
CHECK(kret);
}
- return KRB5_OK;
+ return 0;
errout:
if (*a) {
krb5_free_authdata(context, *a);
}
static krb5_error_code
-krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
+read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
{
krb5_error_code kret;
- krb5_int32 int32;
- krb5_int16 ui2; /* negative authorization data types are allowed */
+ int32_t int32;
+ int16_t ui2; /* negative authorization data types are allowed */
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
a->magic = KV5M_AUTHDATA;
a->contents = NULL;
- kret = krb5_fcc_read_ui_2(context, id, (krb5_ui_2 *)&ui2);
+ kret = read16(context, id, (uint16_t *)&ui2);
CHECK(kret);
a->ad_type = (krb5_authdatatype)ui2;
- kret = krb5_fcc_read_int32(context, id, &int32);
+ kret = read32(context, id, &int32);
CHECK(kret);
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
a->length = int32;
- /* Value could have gotten truncated if int is smaller than 32
- bits. */
- if (a->length != (krb5_ui_4) int32)
- return KRB5_CC_NOMEM; /* XXX */
+ /* Value could have gotten truncated if int is smaller than 32 bits. */
+ if (a->length != (uint32_t)int32)
+ return KRB5_CC_NOMEM;
- if (a->length == 0 )
- return KRB5_OK;
+ if (a->length == 0)
+ return 0;
- a->contents = (krb5_octet *) malloc(a->length);
+ a->contents = malloc(a->length);
if (a->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_fcc_read(context, id, a->contents, a->length);
+ kret = read_bytes(context, id, a->contents, a->length);
CHECK(kret);
- return KRB5_OK;
+ return 0;
errout:
if (a->contents) {
free(a->contents);
}
#undef CHECK
-#define CHECK(ret) if (ret != KRB5_OK) return ret;
+#define CHECK(ret) if (ret) return ret;
-/*
- * Requires:
- * id is open
- *
- * Effects:
- * Writes len bytes from buf into the file cred cache id.
- *
- * Errors:
- * system errors
- */
+/* Write len bytes from buf into the cache file. Call with the mutex
+ * locked. */
static krb5_error_code
-krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
+write_bytes(krb5_context context, krb5_ccache id, const void *buf,
+ unsigned int len)
{
int ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- invalidate_cache((krb5_fcc_data *) id->data);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
+ invalidate_cache(id->data);
- ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
+ ret = write(((fcc_data *)id->data)->fd, buf, len);
if (ret < 0)
- return krb5_fcc_interpret(context, errno);
- if ((unsigned int) ret != len)
+ return interpret_errno(context, errno);
+ if ((unsigned int)ret != len)
return KRB5_CC_WRITE;
- return KRB5_OK;
+ return 0;
}
/*
* FOR ALL OF THE FOLLOWING FUNCTIONS:
*
* Requires:
- * ((krb5_fcc_data *) id->data)->file is open and at the right position.
+ * ((fcc_data *)id->data)->fd is open and at the right position.
*
* mutex is locked
*
*/
static krb5_error_code
-krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal princ)
+store_principal(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ fcc_data *data = id->data;
krb5_error_code ret;
- krb5_int32 i, length, tmp, type;
+ int32_t i, length, tmp, type;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
type = princ->type;
tmp = length = princ->length;
- if (data->version == KRB5_FCC_FVNO_1) {
+ if (data->version == FVNO_1) {
/*
* DCE-compatible format means that the length count
* includes the realm. (It also doesn't include the
*/
tmp++;
} else {
- ret = krb5_fcc_store_int32(context, id, type);
+ ret = store32(context, id, type);
CHECK(ret);
}
- ret = krb5_fcc_store_int32(context, id, tmp);
+ ret = store32(context, id, tmp);
CHECK(ret);
- ret = krb5_fcc_store_data(context, id, &princ->realm);
+ ret = store_data(context, id, &princ->realm);
CHECK(ret);
- for (i=0; i < length; i++) {
- ret = krb5_fcc_store_data(context, id, &princ->data[i]);
+ for (i = 0; i < length; i++) {
+ ret = store_data(context, id, &princ->data[i]);
CHECK(ret);
}
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs)
+store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs)
{
krb5_error_code ret;
krb5_address **temp;
- krb5_int32 i, length = 0;
+ int32_t i, length = 0;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
/* Count the number of components */
if (addrs) {
length += 1;
}
- ret = krb5_fcc_store_int32(context, id, length);
+ ret = store32(context, id, length);
CHECK(ret);
- for (i=0; i < length; i++) {
- ret = krb5_fcc_store_addr(context, id, addrs[i]);
+ for (i = 0; i < length; i++) {
+ ret = store_addr(context, id, addrs[i]);
CHECK(ret);
}
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_fcc_store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
+store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ fcc_data *data = id->data;
krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+ ret = store16(context, id, keyblock->enctype);
CHECK(ret);
- if (data->version == KRB5_FCC_FVNO_3) {
- ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+ if (data->version == FVNO_3) {
+ ret = store16(context, id, keyblock->enctype);
CHECK(ret);
}
- ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
+ ret = store32(context, id, keyblock->length);
CHECK(ret);
- return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
+ return write_bytes(context, id, keyblock->contents, keyblock->length);
}
static krb5_error_code
-krb5_fcc_store_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
+store_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
{
krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- ret = krb5_fcc_store_ui_2(context, id, addr->addrtype);
+ ret = store16(context, id, addr->addrtype);
CHECK(ret);
- ret = krb5_fcc_store_ui_4(context, id, addr->length);
+ ret = store32(context, id, addr->length);
CHECK(ret);
- return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
+ return write_bytes(context, id, addr->contents, addr->length);
}
-
static krb5_error_code
-krb5_fcc_store_data(krb5_context context, krb5_ccache id, krb5_data *data)
+store_data(krb5_context context, krb5_ccache id, krb5_data *data)
{
krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- ret = krb5_fcc_store_ui_4(context, id, data->length);
+ ret = store32(context, id, data->length);
CHECK(ret);
- return krb5_fcc_write(context, id, data->data, data->length);
-}
-
-static krb5_error_code
-krb5_fcc_store_int32(krb5_context context, krb5_ccache id, krb5_int32 i)
-{
- return krb5_fcc_store_ui_4(context, id, (krb5_ui_4) i);
+ return write_bytes(context, id, data->data, data->length);
}
+/* Store a 32-bit integer into the cache file according to the file format. */
static krb5_error_code
-krb5_fcc_store_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i)
+store32(krb5_context context, krb5_ccache id, uint32_t i)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
unsigned char buf[4];
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
- else {
- store_32_be (i, buf);
- return krb5_fcc_write(context, id, buf, 4);
- }
+ if (version(id) < 3)
+ store_32_n(i, buf);
+ else
+ store_32_be(i, buf);
+ return write_bytes(context, id, buf, 4);
}
+/* Store a 16-bit integer into the cache file according to the file format. */
static krb5_error_code
-krb5_fcc_store_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i)
+store16(krb5_context context, krb5_ccache id, uint16_t i)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_ui_2 ibuf;
unsigned char buf[2];
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2)) {
- ibuf = (krb5_ui_2) i;
- return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
- } else {
- store_16_be (i, buf);
- return krb5_fcc_write(context, id, buf, 2);
- }
+ if (version(id) < 3)
+ store_16_n(i, buf);
+ else
+ store_16_be(i, buf);
+ return write_bytes(context, id, buf, 2);
}
static krb5_error_code
-krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
+store_octet(krb5_context context, krb5_ccache id, unsigned char i)
{
- krb5_octet ibuf;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- ibuf = (krb5_octet) i;
- return krb5_fcc_write(context, id, (char *) &ibuf, 1);
+ return write_bytes(context, id, &i, 1);
}
static krb5_error_code
-krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
+store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ fcc_data *data = id->data;
krb5_error_code retval;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
- else {
- retval = krb5_fcc_store_int32(context, id, t->authtime);
+ if (data->version == FVNO_1 || data->version == FVNO_2) {
+ return write_bytes(context, id, t, sizeof(krb5_ticket_times));
+ } else {
+ retval = store32(context, id, t->authtime);
CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->starttime);
+ retval = store32(context, id, t->starttime);
CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->endtime);
+ retval = store32(context, id, t->endtime);
CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->renew_till);
+ retval = store32(context, id, t->renew_till);
CHECK(retval);
return 0;
}
}
static krb5_error_code
-krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
+store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
{
krb5_error_code ret;
krb5_authdata **temp;
- krb5_int32 i, length=0;
+ int32_t i, length = 0;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
if (a != NULL) {
- for (temp=a; *temp; temp++)
+ for (temp = a; *temp; temp++)
length++;
}
- ret = krb5_fcc_store_int32(context, id, length);
+ ret = store32(context, id, length);
CHECK(ret);
- for (i=0; i<length; i++) {
- ret = krb5_fcc_store_authdatum (context, id, a[i]);
+ for (i = 0; i < length; i++) {
+ ret = store_authdatum(context, id, a[i]);
CHECK(ret);
}
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_fcc_store_authdatum (krb5_context context, krb5_ccache id, krb5_authdata *a)
+store_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
{
krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- ret = krb5_fcc_store_ui_2(context, id, a->ad_type);
+ ret = store16(context, id, a->ad_type);
CHECK(ret);
- ret = krb5_fcc_store_ui_4(context, id, a->length);
+ ret = store32(context, id, a->length);
CHECK(ret);
- return krb5_fcc_write(context, id, (krb5_pointer) a->contents, a->length);
+ return write_bytes(context, id, a->contents, a->length);
}
#undef CHECK
+/* Unlock and close the cache file. Call with the mutex locked. */
static krb5_error_code
-krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
+close_cache_file(krb5_context context, fcc_data *data)
{
- int ret;
- krb5_error_code retval;
+ int st;
+ krb5_error_code ret;
k5_cc_mutex_assert_locked(context, &data->lock);
- if (data->file == NO_FILE)
+ if (data->fd == NO_FILE)
return KRB5_FCC_INTERNAL;
- retval = krb5_unlock_file(context, data->file);
- ret = close (data->file);
- data->file = NO_FILE;
- if (retval)
- return retval;
+ ret = krb5_unlock_file(context, data->fd);
+ st = close(data->fd);
+ data->fd = NO_FILE;
+ if (ret)
+ return ret;
- return ret ? krb5_fcc_interpret (context, errno) : 0;
+ return st ? interpret_errno(context, errno) : 0;
}
#if defined(ANSI_STDIO) || defined(_WIN32)
((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF))
#endif
+/* Open and lock the cache file. If mode is FCC_OPEN_AND_ERASE, initialize it
+ * with a header. Call with the mutex locked. */
static krb5_error_code
-krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
+open_cache_file(krb5_context context, krb5_ccache id, int mode)
{
krb5_os_context os_ctx = &context->os_context;
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_ui_2 fcc_fvno;
- krb5_ui_2 fcc_flen;
- krb5_ui_2 fcc_tag;
- krb5_ui_2 fcc_taglen;
- int f, open_flag;
- int lock_flag;
- krb5_error_code retval = 0;
+ krb5_error_code ret;
+ fcc_data *data = id->data;
+ char fcc_fvno[2];
+ uint16_t fcc_flen, fcc_tag, fcc_taglen;
+ int32_t time_offset, usec_offset;
+ int f, open_flag, lock_flag, cnt;
+ char buf[1024];
k5_cc_mutex_assert_locked(context, &data->lock);
invalidate_cache(data);
- if (data->file != NO_FILE) {
- /* Don't know what state it's in; shut down and start anew. */
- (void) krb5_unlock_file(context, data->file);
- (void) close (data->file);
- data->file = NO_FILE;
+ if (data->fd != NO_FILE) {
+ /* Don't know what state it's in; shut down and start anew. */
+ (void)krb5_unlock_file(context, data->fd);
+ (void)close(data->fd);
+ data->fd = NO_FILE;
}
- switch(mode) {
+ switch (mode) {
case FCC_OPEN_AND_ERASE:
unlink(data->filename);
- open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR;
+ open_flag = O_CREAT | O_EXCL | O_TRUNC | O_RDWR;
break;
case FCC_OPEN_RDWR:
open_flag = O_RDWR;
break;
}
- f = THREEPARAMOPEN (data->filename, open_flag | O_BINARY, 0600);
+ f = THREEPARAMOPEN(data->filename, open_flag | O_BINARY, 0600);
if (f == NO_FILE) {
- switch (errno) {
- case ENOENT:
- retval = KRB5_FCC_NOFILE;
- krb5_set_error_message(context, retval,
+ if (errno == ENOENT) {
+ ret = KRB5_FCC_NOFILE;
+ krb5_set_error_message(context, ret,
_("Credentials cache file '%s' not found"),
data->filename);
- return retval;
- default:
- return krb5_fcc_interpret (context, errno);
+ return ret;
+ } else {
+ return interpret_errno(context, errno);
}
}
set_cloexec_fd(f);
lock_flag = KRB5_LOCKMODE_SHARED;
else
lock_flag = KRB5_LOCKMODE_EXCLUSIVE;
- if ((retval = krb5_lock_file(context, f, lock_flag))) {
- (void) close(f);
- return retval;
+ ret = krb5_lock_file(context, f, lock_flag);
+ if (ret) {
+ (void)close(f);
+ return ret;
}
if (mode == FCC_OPEN_AND_ERASE) {
/* write the version number */
- int cnt;
-
- fcc_fvno = htons(context->fcc_default_format);
+ store_16_be(context->fcc_default_format, fcc_fvno);
data->version = context->fcc_default_format;
- if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
- sizeof(fcc_fvno)) {
- retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
- KRB5_CC_IO);
+ cnt = write(f, fcc_fvno, 2);
+ if (cnt != 2) {
+ ret = (cnt == -1) ? interpret_errno(context, errno) : KRB5_CC_IO;
goto done;
}
- data->file = f;
+ data->fd = f;
- if (data->version == KRB5_FCC_FVNO_4) {
+ if (data->version == FVNO_4) {
/* V4 of the credentials cache format allows for header tags */
fcc_flen = 0;
if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
- fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
+ fcc_flen += 2 + 2 + 4 + 4;
- /* Write header length */
- retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
- if (retval) goto done;
+ /* Write header length. */
+ ret = store16(context, id, fcc_flen);
+ if (ret)
+ goto done;
if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
- /* Write time offset tag */
+ /* Write time offset tag. */
fcc_tag = FCC_TAG_DELTATIME;
- fcc_taglen = 2*sizeof(krb5_int32);
-
- retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
- if (retval) goto done;
- retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
- if (retval) goto done;
- retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
- if (retval) goto done;
- retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
- if (retval) goto done;
+ fcc_taglen = 2 * 4;
+
+ ret = store16(context, id, fcc_tag);
+ if (ret)
+ goto done;
+ ret = store16(context, id, fcc_taglen);
+ if (ret)
+ goto done;
+ ret = store32(context, id, os_ctx->time_offset);
+ if (ret)
+ goto done;
+ ret = store32(context, id, os_ctx->usec_offset);
+ if (ret)
+ goto done;
}
}
invalidate_cache(data);
goto done;
}
- /* verify a valid version number is there */
+ /* Verify a valid version number is there. */
invalidate_cache(data);
- if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
- retval = KRB5_CC_FORMAT;
+ if (read(f, fcc_fvno, 2) != 2) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
- data->version = ntohs(fcc_fvno);
- if ((data->version != KRB5_FCC_FVNO_4) &&
- (data->version != KRB5_FCC_FVNO_3) &&
- (data->version != KRB5_FCC_FVNO_2) &&
- (data->version != KRB5_FCC_FVNO_1)) {
- retval = KRB5_CCACHE_BADVNO;
+ data->version = load_16_be(fcc_fvno);
+ if (data->version != FVNO_4 && data->version != FVNO_3 &&
+ data->version != FVNO_2 && data->version != FVNO_1) {
+ ret = KRB5_CCACHE_BADVNO;
goto done;
}
- data->file = f;
+ data->fd = f;
- if (data->version == KRB5_FCC_FVNO_4) {
- char buf[1024];
-
- if (krb5_fcc_read_ui_2(context, id, &fcc_flen) ||
- (fcc_flen > sizeof(buf)))
- {
- retval = KRB5_CC_FORMAT;
+ if (data->version == FVNO_4) {
+ if (read16(context, id, &fcc_flen) || fcc_flen > sizeof(buf)) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
while (fcc_flen) {
- if ((fcc_flen < (2 * sizeof(krb5_ui_2))) ||
- krb5_fcc_read_ui_2(context, id, &fcc_tag) ||
- krb5_fcc_read_ui_2(context, id, &fcc_taglen) ||
- (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2))))
- {
- retval = KRB5_CC_FORMAT;
+ if (fcc_flen < 2 * 2 || read16(context, id, &fcc_tag) ||
+ read16(context, id, &fcc_taglen) ||
+ fcc_taglen > fcc_flen - 2 * 2) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
switch (fcc_tag) {
case FCC_TAG_DELTATIME:
- if (fcc_taglen != 2*sizeof(krb5_int32)) {
- retval = KRB5_CC_FORMAT;
+ if (fcc_taglen != 2 * 4) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
- (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
- {
- if (krb5_fcc_read(context, id, buf, fcc_taglen)) {
- retval = KRB5_CC_FORMAT;
+ (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+ if (read_bytes(context, id, buf, fcc_taglen)) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
break;
}
- if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
- krb5_fcc_read_int32(context, id, &os_ctx->usec_offset))
- {
- retval = KRB5_CC_FORMAT;
+ if (read32(context, id, &time_offset) ||
+ read32(context, id, &usec_offset)) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
+ os_ctx->time_offset = time_offset;
+ os_ctx->usec_offset = usec_offset;
os_ctx->os_flags =
((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
KRB5_OS_TOFFSET_VALID);
break;
default:
- if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
- retval = KRB5_CC_FORMAT;
+ if (fcc_taglen && read_bytes(context, id, buf, fcc_taglen)) {
+ ret = KRB5_CC_FORMAT;
goto done;
}
break;
}
- fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen);
+ fcc_flen -= (2 * 2 + fcc_taglen);
}
}
done:
- if (retval) {
- data->file = -1;
- (void) krb5_unlock_file(context, f);
- (void) close(f);
+ if (ret) {
+ data->fd = -1;
+ (void)krb5_unlock_file(context, f);
+ (void)close(f);
}
- return retval;
+ return ret;
}
+/* Seek past the header in the cache file. */
static krb5_error_code
-krb5_fcc_skip_header(krb5_context context, krb5_ccache id)
+skip_header(krb5_context context, krb5_ccache id)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code kret;
- krb5_ui_2 fcc_flen;
+ fcc_data *data = id->data;
+ krb5_error_code ret;
+ uint16_t fcc_flen;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &data->lock);
- fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET);
- if (data->version == KRB5_FCC_FVNO_4) {
- kret = krb5_fcc_read_ui_2(context, id, &fcc_flen);
- if (kret) return kret;
- if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0)
+ fcc_lseek(data, 2, SEEK_SET);
+ if (version(id) >= 4) {
+ ret = read16(context, id, &fcc_flen);
+ if (ret)
+ return ret;
+ if (fcc_lseek(data, fcc_flen, SEEK_CUR) < 0)
return errno;
}
- return KRB5_OK;
+ return 0;
}
+/* Seek past the default principal in the cache file. */
static krb5_error_code
-krb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
+skip_principal(krb5_context context, krb5_ccache id)
{
- krb5_error_code kret;
+ krb5_error_code ret;
krb5_principal princ;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
- kret = krb5_fcc_read_principal(context, id, &princ);
- if (kret != KRB5_OK)
- return kret;
+ ret = read_principal(context, id, &princ);
+ if (ret)
+ return ret;
krb5_free_principal(context, princ);
- return KRB5_OK;
+ return 0;
}
-
-/*
- * Modifies:
- * id
- *
- * Effects:
- * Creates/refreshes the file cred cache id. If the cache exists, its
- * contents are destroyed.
- *
- * Errors:
- * system errors
- * permission errors
- */
+/* Create or overwrite the cache file with a header and default principal. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_error_code kret = 0;
- int reti = 0;
+ krb5_error_code ret;
+ fcc_data *data = id->data;
+ int st = 0;
- k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_lock(context, &data->lock);
MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE);
#if defined(HAVE_FCHMOD) || defined(HAVE_CHMOD)
- {
#ifdef HAVE_FCHMOD
- reti = fchmod(((krb5_fcc_data *)id->data)->file, S_IRUSR | S_IWUSR);
+ st = fchmod(data->fd, S_IRUSR | S_IWUSR);
#else
- reti = chmod(((krb5_fcc_data *)id->data)->filename, S_IRUSR | S_IWUSR);
+ st = chmod(data->filename, S_IRUSR | S_IWUSR);
#endif
- if (reti == -1) {
- kret = krb5_fcc_interpret(context, errno);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return kret;
- }
+ if (st == -1) {
+ ret = interpret_errno(context, errno);
+ MAYBE_CLOSE(context, id, ret);
+ k5_cc_mutex_unlock(context, &data->lock);
+ return ret;
}
#endif
- kret = krb5_fcc_store_principal(context, id, princ);
+ ret = store_principal(context, id, princ);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- krb5_change_cache ();
- return kret;
+ MAYBE_CLOSE(context, id, ret);
+ k5_cc_mutex_unlock(context, &data->lock);
+ krb5_change_cache();
+ return ret;
}
-/*
- * Drop the ref count; if it hits zero, remove the entry from the
- * fcc_set list and free it.
- */
-static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
+/* Drop the ref count. If it hits zero, remove the entry from the fcc_set list
+ * and free it. */
+static krb5_error_code dereference(krb5_context context, fcc_data *data)
{
- struct fcc_set **fccsp;
+ struct fcc_set **fccsp, *temp;
k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
- for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next)
+ for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next) {
if ((*fccsp)->data == data)
break;
+ }
assert(*fccsp != NULL);
assert((*fccsp)->data == data);
(*fccsp)->refcount--;
if ((*fccsp)->refcount == 0) {
- struct fcc_set *temp;
data = (*fccsp)->data;
temp = *fccsp;
*fccsp = (*fccsp)->next;
k5_cc_mutex_assert_unlocked(context, &data->lock);
free(data->filename);
zap(data->buf, sizeof(data->buf));
- if (data->file >= 0) {
+ if (data->fd >= 0) {
k5_cc_mutex_lock(context, &data->lock);
- krb5_fcc_close_file(context, data);
+ close_cache_file(context, data);
k5_cc_mutex_unlock(context, &data->lock);
}
k5_cc_mutex_destroy(&data->lock);
free(data);
- } else
+ } else {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ }
return 0;
}
-/*
- * Modifies:
- * id
- *
- * Effects:
- * Closes the file cache, invalidates the id, and frees any resources
- * associated with the cache.
- */
+/* Release the ccache handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_close(krb5_context context, krb5_ccache id)
+fcc_close(krb5_context context, krb5_ccache id)
{
- dereference(context, (krb5_fcc_data *) id->data);
+ dereference(context, id->data);
free(id);
- return KRB5_OK;
+ return 0;
}
-/*
- * Effects:
- * Destroys the contents of id.
- *
- * Errors:
- * system errors
- */
+/* Destroy the cache file and release the handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_destroy(krb5_context context, krb5_ccache id)
+fcc_destroy(krb5_context context, krb5_ccache id)
{
- krb5_error_code kret = 0;
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
- register int ret;
-
+ krb5_error_code ret = 0;
+ fcc_data *data = id->data;
+ int st, fd;
struct stat buf;
unsigned long i, size;
unsigned int wlen;
if (OPENCLOSE(id)) {
invalidate_cache(data);
- ret = THREEPARAMOPEN(data->filename,
- O_RDWR | O_BINARY, 0);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ fd = THREEPARAMOPEN(data->filename, O_RDWR | O_BINARY, 0);
+ if (fd < 0) {
+ ret = interpret_errno(context, errno);
goto cleanup;
}
- set_cloexec_fd(ret);
- data->file = ret;
+ set_cloexec_fd(fd);
+ data->fd = fd;
+ } else {
+ fcc_lseek(data, 0, SEEK_SET);
}
- else
- fcc_lseek(data, (off_t) 0, SEEK_SET);
#ifdef MSDOS_FILESYSTEM
-/* "disgusting bit of UNIX trivia" - that's how the writers of NFS describe
-** the ability of UNIX to still write to a file which has been unlinked.
-** Naturally, the PC can't do this. As a result, we have to delete the file
-** after we wipe it clean but that throws off all the error handling code.
-** So we have do the work ourselves.
-*/
- ret = fstat(data->file, &buf);
- if (ret == -1) {
- kret = krb5_fcc_interpret(context, errno);
- size = 0; /* Nothing to wipe clean */
- } else
- size = (unsigned long) buf.st_size;
+ /*
+ * "Disgusting bit of UNIX trivia" - that's how the writers of NFS describe
+ * the ability of UNIX to still write to a file which has been unlinked.
+ * Naturally, the PC can't do this. As a result, we have to delete the
+ * file after we wipe it clean, but that throws off all the error handling
+ * code. So we have do the work ourselves.
+ */
+ st = fstat(data->fd, &buf);
+ if (st == -1) {
+ ret = interpret_errno(context, errno);
+ size = 0; /* Nothing to wipe clean */
+ } else {
+ size = (unsigned long)buf.st_size;
+ }
memset(zeros, 0, BUFSIZ);
while (size > 0) {
- wlen = (int) ((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */
- i = write(data->file, zeros, wlen);
+ wlen = (int)((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */
+ i = write(data->fd, zeros, wlen);
if (i < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ ret = interpret_errno(context, errno);
/* Don't jump to cleanup--we still want to delete the file. */
break;
}
- size -= i; /* We've read this much */
+ size -= i;
}
if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
+ (void)close(((fcc_data *)id->data)->fd);
+ data->fd = -1;
}
- ret = unlink(data->filename);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ st = unlink(data->filename);
+ if (st < 0) {
+ ret = interpret_errno(context, errno);
goto cleanup;
}
#else /* MSDOS_FILESYSTEM */
- ret = unlink(data->filename);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ st = unlink(data->filename);
+ if (st < 0) {
+ ret = interpret_errno(context, errno);
if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
- kret = ret;
+ (void)close(data->fd);
+ data->fd = -1;
}
goto cleanup;
}
- ret = fstat(data->file, &buf);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ st = fstat(data->fd, &buf);
+ if (st < 0) {
+ ret = interpret_errno(context, errno);
if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
+ (void)close(data->fd);
+ data->fd = -1;
}
goto cleanup;
}
/* XXX This may not be legal XXX */
- size = (unsigned long) buf.st_size;
+ size = (unsigned long)buf.st_size;
memset(zeros, 0, BUFSIZ);
- for (i=0; i < size / BUFSIZ; i++)
- if (write(data->file, zeros, BUFSIZ) < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ for (i = 0; i < size / BUFSIZ; i++) {
+ if (write(data->fd, zeros, BUFSIZ) < 0) {
+ ret = interpret_errno(context, errno);
if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
+ (void)close(data->fd);
+ data->fd = -1;
}
goto cleanup;
}
+ }
- wlen = (unsigned int) (size % BUFSIZ);
- if (write(data->file, zeros, wlen) < 0) {
- kret = krb5_fcc_interpret(context, errno);
+ wlen = size % BUFSIZ;
+ if (write(data->fd, zeros, wlen) < 0) {
+ ret = interpret_errno(context, errno);
if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
+ (void)close(data->fd);
+ data->fd = -1;
}
goto cleanup;
}
- ret = close(data->file);
- data->file = -1;
+ st = close(data->fd);
+ data->fd = -1;
- if (ret)
- kret = krb5_fcc_interpret(context, errno);
+ if (st)
+ ret = interpret_errno(context, errno);
#endif /* MSDOS_FILESYSTEM */
dereference(context, data);
free(id);
- krb5_change_cache ();
- return kret;
+ krb5_change_cache();
+ return ret;
}
extern const krb5_cc_ops krb5_fcc_ops;
-/*
- * Requires:
- * residual is a legal path name, and a null-terminated string
- *
- * Modifies:
- * id
- *
- * Effects:
- * creates a file-based cred cache that will reside in the file
- * residual. The cache is not opened, but the filename is reserved.
- *
- * Returns:
- * A filled in krb5_ccache structure "id".
- *
- * Errors:
- * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
- * permission errors
- */
+/* Create a file ccache handle for the pathname given by residual. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
+fcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
{
krb5_ccache lid;
- krb5_error_code kret;
- krb5_fcc_data *data;
+ krb5_error_code ret;
+ fcc_data *data;
struct fcc_set *setptr;
k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
k5_cc_mutex_lock(context, &data->lock);
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
} else {
- data = malloc(sizeof(krb5_fcc_data));
+ data = malloc(sizeof(fcc_data));
if (data == NULL) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
return KRB5_CC_NOMEM;
free(data);
return KRB5_CC_NOMEM;
}
- kret = k5_cc_mutex_init(&data->lock);
- if (kret) {
+ ret = k5_cc_mutex_init(&data->lock);
+ if (ret) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
free(data->filename);
free(data);
- return kret;
+ return ret;
}
k5_cc_mutex_lock(context, &data->lock);
/* data->version,mode filled in for real later */
data->version = data->mode = 0;
data->flags = KRB5_TC_OPENCLOSE;
- data->file = -1;
+ data->fd = -1;
data->valid_bytes = 0;
setptr = malloc(sizeof(struct fcc_set));
if (setptr == NULL) {
k5_cc_mutex_assert_locked(context, &data->lock);
k5_cc_mutex_unlock(context, &data->lock);
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+ lid = malloc(sizeof(struct _krb5_ccache));
if (lid == NULL) {
dereference(context, data);
return KRB5_CC_NOMEM;
lid->data = data;
lid->magic = KV5M_CCACHE;
- /* other routines will get errors on open, and callers must expect them,
- if cache is non-existent/unusable */
+ /* Other routines will get errors on open, and callers must expect them, if
+ * cache is non-existent/unusable. */
*id = lid;
- return KRB5_OK;
+ return 0;
}
-/*
- * Effects:
- * Prepares for a sequential search of the credentials cache.
- * Returns and krb5_cc_cursor to be used with krb5_fcc_next_cred and
- * krb5_fcc_end_seq_get.
- *
- * If the cache is modified between the time of this call and the time
- * of the final krb5_fcc_end_seq_get, the results are undefined.
- *
- * Errors:
- * KRB5_CC_NOMEM
- * system errors
- */
+/* Prepare for a sequential iteration over the cache file. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_start_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor *cursor)
+fcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
krb5_fcc_cursor *fcursor;
- krb5_error_code kret = KRB5_OK;
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ krb5_error_code ret;
+ fcc_data *data = id->data;
k5_cc_mutex_lock(context, &data->lock);
- fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
+ fcursor = malloc(sizeof(krb5_fcc_cursor));
if (fcursor == NULL) {
k5_cc_mutex_unlock(context, &data->lock);
return KRB5_CC_NOMEM;
}
if (OPENCLOSE(id)) {
- kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
- if (kret) {
+ ret = open_cache_file(context, id, FCC_OPEN_RDONLY);
+ if (ret) {
free(fcursor);
k5_cc_mutex_unlock(context, &data->lock);
- return kret;
+ return ret;
}
}
/* Make sure we start reading right after the primary principal */
- kret = krb5_fcc_skip_header(context, id);
- if (kret) {
+ ret = skip_header(context, id);
+ if (ret) {
free(fcursor);
goto done;
}
- kret = krb5_fcc_skip_principal(context, id);
- if (kret) {
+ ret = skip_principal(context, id);
+ if (ret) {
free(fcursor);
goto done;
}
- fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR);
- *cursor = (krb5_cc_cursor) fcursor;
+ fcursor->pos = fcc_lseek(data, 0, SEEK_CUR);
+ *cursor = (krb5_cc_cursor)fcursor;
done:
- MAYBE_CLOSE(context, id, kret);
+ MAYBE_CLOSE(context, id, ret);
k5_cc_mutex_unlock(context, &data->lock);
- return kret;
+ return ret;
}
-
-/*
- * Requires:
- * cursor is a krb5_cc_cursor originally obtained from
- * krb5_fcc_start_seq_get.
- *
- * Modifes:
- * cursor, creds
- *
- * Effects:
- * Fills in creds with the "next" credentals structure from the cache
- * id. The actual order the creds are returned in is arbitrary.
- * Space is allocated for the variable length fields in the
- * credentials structure, so the object returned must be passed to
- * krb5_destroy_credential.
- *
- * The cursor is updated for the next call to krb5_fcc_next_cred.
- *
- * Errors:
- * system errors
- */
+/* Get the next credential from the cache file. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds)
+fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds)
{
-#define TCHECK(ret) if (ret != KRB5_OK) goto lose;
- krb5_error_code kret;
- krb5_fcc_cursor *fcursor;
- krb5_int32 int32;
- krb5_octet octet;
- krb5_fcc_data *d = (krb5_fcc_data *) id->data;
-
- k5_cc_mutex_lock(context, &d->lock);
+#define TCHECK(ret) if (ret) goto lose;
+ krb5_error_code ret;
+ krb5_fcc_cursor *fcursor = *cursor;
+ int32_t int32;
+ unsigned char octet;
+ fcc_data *data = id->data;
memset(creds, 0, sizeof(*creds));
+ k5_cc_mutex_lock(context, &data->lock);
MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
- fcursor = (krb5_fcc_cursor *) *cursor;
- kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
- if (kret) {
- kret = krb5_fcc_interpret(context, errno);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &d->lock);
- return kret;
+ if (fcc_lseek(data, fcursor->pos, SEEK_SET) == -1) {
+ ret = interpret_errno(context, errno);
+ goto lose;
}
- kret = krb5_fcc_read_principal(context, id, &creds->client);
- TCHECK(kret);
- kret = krb5_fcc_read_principal(context, id, &creds->server);
- TCHECK(kret);
- kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
- TCHECK(kret);
- kret = krb5_fcc_read_times(context, id, &creds->times);
- TCHECK(kret);
- kret = krb5_fcc_read_octet(context, id, &octet);
- TCHECK(kret);
+ ret = read_principal(context, id, &creds->client);
+ TCHECK(ret);
+ ret = read_principal(context, id, &creds->server);
+ TCHECK(ret);
+ ret = read_keyblock(context, id, &creds->keyblock);
+ TCHECK(ret);
+ ret = read_times(context, id, &creds->times);
+ TCHECK(ret);
+ ret = read_octet(context, id, &octet);
+ TCHECK(ret);
creds->is_skey = octet;
- kret = krb5_fcc_read_int32(context, id, &int32);
- TCHECK(kret);
+ ret = read32(context, id, &int32);
+ TCHECK(ret);
creds->ticket_flags = int32;
- kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
- TCHECK(kret);
- kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
- TCHECK(kret);
- kret = krb5_fcc_read_data(context, id, &creds->ticket);
- TCHECK(kret);
- kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
- TCHECK(kret);
+ ret = read_addrs(context, id, &creds->addresses);
+ TCHECK(ret);
+ ret = read_authdata(context, id, &creds->authdata);
+ TCHECK(ret);
+ ret = read_data(context, id, &creds->ticket);
+ TCHECK(ret);
+ ret = read_data(context, id, &creds->second_ticket);
+ TCHECK(ret);
- fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR);
+ fcursor->pos = fcc_lseek(data, 0, SEEK_CUR);
lose:
- MAYBE_CLOSE (context, id, kret);
- k5_cc_mutex_unlock(context, &d->lock);
- if (kret != KRB5_OK)
+ MAYBE_CLOSE(context, id, ret);
+ k5_cc_mutex_unlock(context, &data->lock);
+ if (ret)
krb5_free_cred_contents(context, creds);
- return kret;
+ return ret;
}
-/*
- * Requires:
- * cursor is a krb5_cc_cursor originally obtained from
- * krb5_fcc_start_seq_get.
- *
- * Modifies:
- * id, cursor
- *
- * Effects:
- * Finishes sequential processing of the file credentials ccache id,
- * and invalidates the cursor (it must never be used after this call).
- */
-/* ARGSUSED */
+/* Release an iteration cursor. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
- /* We don't do anything with the file cache itself, so
- no need to lock anything. */
-
- /* don't close; it may be left open by the caller,
- and if not, fcc_start_seq_get and/or fcc_next_cred will do the
- MAYBE_CLOSE.
- MAYBE_CLOSE(context, id, kret); */
- free((krb5_fcc_cursor *) *cursor);
+ /* We don't do anything with the file cache itself, so no need to lock
+ * anything. */
+ free(*cursor);
return 0;
}
krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id)
{
krb5_ccache lid;
- int ret;
- krb5_error_code kret = 0;
- krb5_fcc_data *data;
- krb5_int16 fcc_fvno = htons(context->fcc_default_format);
- krb5_int16 fcc_flen = 0;
+ int fd;
+ krb5_error_code ret;
+ fcc_data *data;
+ char fcc_fvno[2];
+ int16_t fcc_flen = 0;
int errsave, cnt;
struct fcc_set *setptr;
/* Set master lock */
k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
- ret = mkstemp(template);
- if (ret == -1) {
+ fd = mkstemp(template);
+ if (fd == -1) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- return krb5_fcc_interpret(context, errno);
+ return interpret_errno(context, errno);
}
- set_cloexec_fd(ret);
+ set_cloexec_fd(fd);
/* Allocate memory */
- data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
+ data = malloc(sizeof(fcc_data));
if (data == NULL) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- close(ret);
+ close(fd);
unlink(template);
return KRB5_CC_NOMEM;
}
if (data->filename == NULL) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
free(data);
- close(ret);
+ close(fd);
unlink(template);
return KRB5_CC_NOMEM;
}
- kret = k5_cc_mutex_init(&data->lock);
- if (kret) {
+ ret = k5_cc_mutex_init(&data->lock);
+ if (ret) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
free(data->filename);
free(data);
- close(ret);
+ close(fd);
unlink(template);
- return kret;
+ return ret;
}
k5_cc_mutex_lock(context, &data->lock);
* The file is initially closed at the end of this call...
*/
data->flags = 0;
- data->file = -1;
+ data->fd = -1;
data->valid_bytes = 0;
/* data->version,mode filled in for real later */
data->version = data->mode = 0;
-
/* Ignore user's umask, set mode = 0600 */
#ifndef HAVE_FCHMOD
#ifdef HAVE_CHMOD
chmod(data->filename, S_IRUSR | S_IWUSR);
#endif
#else
- fchmod(ret, S_IRUSR | S_IWUSR);
+ fchmod(fd, S_IRUSR | S_IWUSR);
#endif
- if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
- != sizeof(fcc_fvno)) {
+ store_16_be(context->fcc_default_format, fcc_fvno);
+ cnt = write(fd, &fcc_fvno, 2);
+ if (cnt != 2) {
errsave = errno;
- (void) close(ret);
- (void) unlink(data->filename);
- kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+ (void)close(fd);
+ (void)unlink(data->filename);
+ ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO;
goto err_out;
}
/* For version 4 we save a length for the rest of the header */
- if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
- if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
- != sizeof(fcc_flen)) {
+ if (context->fcc_default_format == FVNO_4) {
+ cnt = write(fd, &fcc_flen, sizeof(fcc_flen));
+ if (cnt != sizeof(fcc_flen)) {
errsave = errno;
- (void) close(ret);
- (void) unlink(data->filename);
- kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+ (void)close(fd);
+ (void)unlink(data->filename);
+ ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO;
goto err_out;
}
}
- if (close(ret) == -1) {
+ if (close(fd) == -1) {
errsave = errno;
- (void) unlink(data->filename);
- kret = krb5_fcc_interpret(context, errsave);
+ (void)unlink(data->filename);
+ ret = interpret_errno(context, errsave);
goto err_out;
}
-
setptr = malloc(sizeof(struct fcc_set));
if (setptr == NULL) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
k5_cc_mutex_destroy(&data->lock);
free(data->filename);
free(data);
- (void) unlink(template);
+ (void)unlink(template);
return KRB5_CC_NOMEM;
}
setptr->refcount = 1;
k5_cc_mutex_assert_locked(context, &data->lock);
k5_cc_mutex_unlock(context, &data->lock);
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+ lid = malloc(sizeof(*lid));
if (lid == NULL) {
dereference(context, data);
return KRB5_CC_NOMEM;
lid->data = data;
lid->magic = KV5M_CCACHE;
- /* default to open/close on every trn - otherwise destroy
- will get as to state confused */
- ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
+ /* Default to open/close on every call. */
+ data->flags = KRB5_TC_OPENCLOSE;
*id = lid;
-
- krb5_change_cache ();
- return KRB5_OK;
+ krb5_change_cache();
+ return 0;
err_out:
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
k5_cc_mutex_destroy(&data->lock);
free(data->filename);
free(data);
- return kret;
+ return ret;
}
/*
- * Effects:
- * Creates a new file cred cache whose name is guaranteed to be
- * unique. The name begins with the string TKT_ROOT (from fcc.h).
- * The cache is not opened, but the new filename is reserved.
- *
- * Returns:
- * The filled in krb5_ccache id.
- *
- * Errors:
- * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
- * system errors (from open)
+ * Create a new file cred cache whose name is guaranteed to be unique. The
+ * name begins with the string TKT_ROOT (from fcc.h). The cache file is not
+ * opened, but the new filename is reserved.
*/
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
+fcc_generate_new(krb5_context context, krb5_ccache *id)
{
- char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
- NUL */
+ char scratch[sizeof(TKT_ROOT) + 7]; /* Room for XXXXXX and terminator */
- (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
+ (void)snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
return krb5int_fcc_new_unique(context, scratch, id);
}
-/*
- * Requires:
- * id is a file credential cache
- *
- * Returns:
- * The name of the file cred cache id.
- */
+/* Return an alias to the pathname of the cache file. */
static const char * KRB5_CALLCONV
-krb5_fcc_get_name (krb5_context context, krb5_ccache id)
+fcc_get_name(krb5_context context, krb5_ccache id)
{
- return (char *) ((krb5_fcc_data *) id->data)->filename;
+ return ((fcc_data *)id->data)->filename;
}
-/*
- * Modifies:
- * id, princ
- *
- * Effects:
- * Retrieves the primary principal from id, as set with
- * krb5_fcc_initialize. The principal is returned is allocated
- * storage that must be freed by the caller via krb5_free_principal.
- *
- * Errors:
- * system errors
- * KRB5_CC_NOMEM
- */
+/* Retrieve a copy of the default principal, if the cache is initialized. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
- krb5_error_code kret = KRB5_OK;
+ krb5_error_code ret;
- k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_lock(context, &((fcc_data *)id->data)->lock);
MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
/* make sure we're beyond the header */
- kret = krb5_fcc_skip_header(context, id);
- if (kret) goto done;
- kret = krb5_fcc_read_principal(context, id, princ);
+ ret = skip_header(context, id);
+ if (ret)
+ goto done;
+ ret = read_principal(context, id, princ);
done:
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return kret;
+ MAYBE_CLOSE(context, id, ret);
+ k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock);
+ return ret;
}
-
+/* Search for a credential within the cache file. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
+fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds)
{
return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
creds);
}
-
-/*
- * Modifies:
- * the file cache
- *
- * Effects:
- * stores creds in the file cred cache
- *
- * Errors:
- * system errors
- * storage failure errors
- */
+/* Store a credential in the cache file. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
{
-#define TCHECK(ret) if (ret != KRB5_OK) goto lose;
+#define TCHECK(ret) if (ret) goto lose;
krb5_error_code ret;
- k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_lock(context, &((fcc_data *)id->data)->lock);
/* Make sure we are writing to the end of the file */
MAYBE_OPEN(context, id, FCC_OPEN_RDWR);
/* Make sure we are writing to the end of the file */
- ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
+ ret = fcc_lseek(id->data, 0, SEEK_END);
if (ret < 0) {
- MAYBE_CLOSE_IGNORE(context, id);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return krb5_fcc_interpret(context, errno);
+ if (OPENCLOSE(id))
+ (void)close_cache_file(context, id->data);
+ k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock);
+ return interpret_errno(context, errno);
}
- ret = krb5_fcc_store_principal(context, id, creds->client);
+ ret = store_principal(context, id, creds->client);
TCHECK(ret);
- ret = krb5_fcc_store_principal(context, id, creds->server);
+ ret = store_principal(context, id, creds->server);
TCHECK(ret);
- ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
+ ret = store_keyblock(context, id, &creds->keyblock);
TCHECK(ret);
- ret = krb5_fcc_store_times(context, id, &creds->times);
+ ret = store_times(context, id, &creds->times);
TCHECK(ret);
- ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
+ ret = store_octet(context, id, creds->is_skey);
TCHECK(ret);
- ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
+ ret = store32(context, id, creds->ticket_flags);
TCHECK(ret);
- ret = krb5_fcc_store_addrs(context, id, creds->addresses);
+ ret = store_addrs(context, id, creds->addresses);
TCHECK(ret);
- ret = krb5_fcc_store_authdata(context, id, creds->authdata);
+ ret = store_authdata(context, id, creds->authdata);
TCHECK(ret);
- ret = krb5_fcc_store_data(context, id, &creds->ticket);
+ ret = store_data(context, id, &creds->ticket);
TCHECK(ret);
- ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
+ ret = store_data(context, id, &creds->second_ticket);
TCHECK(ret);
lose:
MAYBE_CLOSE(context, id, ret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- krb5_change_cache ();
+ k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock);
+ krb5_change_cache();
return ret;
#undef TCHECK
}
-/*
- * Non-functional stub implementation for krb5_fcc_remove
- *
- * Errors:
- * KRB5_CC_NOSUPP - not implemented
- */
+/* Non-functional stub for removing a cred from the cache file. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds *creds)
+fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+ krb5_creds *creds)
{
return KRB5_CC_NOSUPP;
}
-/*
- * Requires:
- * id is a cred cache returned by krb5_fcc_resolve or
- * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize.
- *
- * Modifies:
- * id
- *
- * Effects:
- * Sets the operational flags of id to flags.
- */
+/* Set flags for the ccache. Open the cache file if KRB5_TC_OPENCLOSE is
+ * turned off, or close it if it is turned on. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
{
- krb5_error_code ret = KRB5_OK;
+ fcc_data *data = id->data;
- k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_lock(context, &data->lock);
- /* XXX This should check for illegal combinations, if any.. */
if (flags & KRB5_TC_OPENCLOSE) {
- /* asking to turn on OPENCLOSE mode */
- if (!OPENCLOSE(id)
- /* XXX Is this test necessary? */
- && ((krb5_fcc_data *) id->data)->file != NO_FILE)
- (void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data));
+ /* Asking to turn on OPENCLOSE mode. */
+ if (!OPENCLOSE(id))
+ (void)close_cache_file(context, data);
} else {
- /* asking to turn off OPENCLOSE mode, meaning it must be
- left open. We open if it's not yet open */
+ /* Asking to turn off OPENCLOSE mode, meaning it must be
+ * left open. We open if it's not yet open. */
MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
}
- ((krb5_fcc_data *) id->data)->flags = flags;
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return ret;
+ data->flags = flags;
+ k5_cc_mutex_unlock(context, &data->lock);
+ return 0;
}
-/*
- * Requires:
- * id is a cred cache returned by krb5_fcc_resolve or
- * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize.
- *
- * Modifies:
- * id (mutex only; temporary)
- *
- * Effects:
- * Returns the operational flags of id.
- */
+/* Get the current flags for the cache. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
+fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
{
- k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
- *flags = ((krb5_fcc_data *) id->data)->flags;
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ fcc_data *data = id->data;
+
+ k5_cc_mutex_lock(context, &data->lock);
+ *flags = data->flags;
+ k5_cc_mutex_unlock(context, &data->lock);
return 0;
}
+/* Prepare to iterate over the caches in the per-type collection. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
+fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
{
- krb5_error_code ret = 0;
krb5_cc_ptcursor n = NULL;
struct krb5_fcc_ptcursor_data *cdata = NULL;
cdata->first = TRUE;
n->data = cdata;
*cursor = n;
- return ret;
+ return 0;
}
+/* Get the next cache in the per-type collection. The FILE per-type collection
+ * contains only the context's default cache if it is a file cache. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
- krb5_ccache *cache_out)
+fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+ krb5_ccache *cache_out)
{
krb5_error_code ret;
struct krb5_fcc_ptcursor_data *cdata = cursor->data;
return 0;
}
+/* Release a per-type collection iteration cursor. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_ptcursor_free(krb5_context context,
- krb5_cc_ptcursor *cursor)
+fcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
{
if (*cursor == NULL)
return 0;
return 0;
}
-/*
- * Modifies:
- * change_time
- *
- * Effects:
- * Returns the timestamp of id's file modification date.
- * If an error occurs, change_time is set to 0.
- */
+/* Get the cache file's last modification time. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
+fcc_last_change_time(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time)
{
- krb5_error_code kret = KRB5_OK;
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+ krb5_error_code ret = 0;
+ fcc_data *data = id->data;
+ struct stat buf;
+
+ *change_time = 0;
- kret = krb5_fcc_data_last_change_time(context, data, change_time);
+ k5_cc_mutex_lock(context, &data->lock);
- return kret;
+ if (stat(data->filename, &buf) == -1)
+ ret = interpret_errno(context, errno);
+ else
+ *change_time = (krb5_timestamp)buf.st_mtime;
+
+ k5_cc_mutex_unlock(context, &data->lock);
+
+ return ret;
}
+/* Lock the cache handle against other threads. (This does not lock the cache
+ * file against other processes.) */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_lock(krb5_context context, krb5_ccache id)
+fcc_lock(krb5_context context, krb5_ccache id)
{
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+ fcc_data *data = id->data;
k5_cc_mutex_lock(context, &data->lock);
return 0;
}
+/* Unlock the cache handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_fcc_unlock(krb5_context context, krb5_ccache id)
+fcc_unlock(krb5_context context, krb5_ccache id)
{
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+ fcc_data *data = id->data;
k5_cc_mutex_unlock(context, &data->lock);
return 0;
}
+/* Translate a system errno value to a Kerberos com_err code. */
static krb5_error_code
-krb5_fcc_data_last_change_time(krb5_context context, krb5_fcc_data *data,
- krb5_timestamp *change_time)
+interpret_errno(krb5_context context, int errnum)
{
- krb5_error_code kret = KRB5_OK;
- register int ret;
-
- struct stat buf;
-
- *change_time = 0;
-
- k5_cc_mutex_lock(context, &data->lock);
-
- ret = stat(data->filename, &buf);
- if (ret == -1) {
- kret = krb5_fcc_interpret(context, errno);
- } else {
- *change_time = (krb5_timestamp) buf.st_mtime;
- }
-
- k5_cc_mutex_unlock(context, &data->lock);
-
- return kret;
-}
+ krb5_error_code ret;
-static krb5_error_code
-krb5_fcc_interpret(krb5_context context, int errnum)
-{
- register krb5_error_code retval;
switch (errnum) {
case ENOENT:
- retval = KRB5_FCC_NOFILE;
+ ret = KRB5_FCC_NOFILE;
break;
case EPERM:
case EACCES:
#ifdef EISDIR
- case EISDIR: /* Mac doesn't have EISDIR */
+ case EISDIR: /* Mac doesn't have EISDIR */
#endif
case ENOTDIR:
#ifdef ELOOP
- case ELOOP: /* Bad symlink is like no file. */
+ case ELOOP: /* Bad symlink is like no file. */
#endif
#ifdef ETXTBSY
case ETXTBSY:
#endif
case EBUSY:
case EROFS:
- retval = KRB5_FCC_PERM;
+ ret = KRB5_FCC_PERM;
break;
case EINVAL:
- case EEXIST: /* XXX */
+ case EEXIST:
case EFAULT:
case EBADF:
#ifdef ENAMETOOLONG
#ifdef EWOULDBLOCK
case EWOULDBLOCK:
#endif
- retval = KRB5_FCC_INTERNAL;
+ ret = KRB5_FCC_INTERNAL;
break;
#ifdef EDQUOT
case EDQUOT:
case EMFILE:
case ENXIO:
default:
- retval = KRB5_CC_IO; /* XXX */
- krb5_set_error_message(context, retval,
+ ret = KRB5_CC_IO;
+ krb5_set_error_message(context, ret,
_("Credentials cache I/O operation failed "
"(%s)"), strerror(errnum));
}
- return retval;
+ return ret;
}
const krb5_cc_ops krb5_fcc_ops = {
0,
"FILE",
- krb5_fcc_get_name,
- krb5_fcc_resolve,
- krb5_fcc_generate_new,
- krb5_fcc_initialize,
- krb5_fcc_destroy,
- krb5_fcc_close,
- krb5_fcc_store,
- krb5_fcc_retrieve,
- krb5_fcc_get_principal,
- krb5_fcc_start_seq_get,
- krb5_fcc_next_cred,
- krb5_fcc_end_seq_get,
- krb5_fcc_remove_cred,
- krb5_fcc_set_flags,
- krb5_fcc_get_flags,
- krb5_fcc_ptcursor_new,
- krb5_fcc_ptcursor_next,
- krb5_fcc_ptcursor_free,
+ fcc_get_name,
+ fcc_resolve,
+ fcc_generate_new,
+ fcc_initialize,
+ fcc_destroy,
+ fcc_close,
+ fcc_store,
+ fcc_retrieve,
+ fcc_get_principal,
+ fcc_start_seq_get,
+ fcc_next_cred,
+ fcc_end_seq_get,
+ fcc_remove_cred,
+ fcc_set_flags,
+ fcc_get_flags,
+ fcc_ptcursor_new,
+ fcc_ptcursor_next,
+ fcc_ptcursor_free,
NULL, /* move */
- krb5_fcc_last_change_time,
+ fcc_last_change_time,
NULL, /* wasdefault */
- krb5_fcc_lock,
- krb5_fcc_unlock,
+ fcc_lock,
+ fcc_unlock,
NULL, /* switch_to */
};
*/
krb5_error_code
-krb5_change_cache (void) {
-
+krb5_change_cache(void)
+{
PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0);
-
return 0;
}
unsigned int KRB5_CALLCONV
-krb5_get_notification_message (void) {
+krb5_get_notification_message(void)
+{
static unsigned int message = 0;
if (message == 0)
#else /* _WIN32 */
krb5_error_code
-krb5_change_cache (void)
+krb5_change_cache(void)
{
return 0;
}
+
unsigned int
-krb5_get_notification_message (void)
+krb5_get_notification_message(void)
{
return 0;
}
const krb5_cc_ops krb5_cc_file_ops = {
0,
"FILE",
- krb5_fcc_get_name,
- krb5_fcc_resolve,
- krb5_fcc_generate_new,
- krb5_fcc_initialize,
- krb5_fcc_destroy,
- krb5_fcc_close,
- krb5_fcc_store,
- krb5_fcc_retrieve,
- krb5_fcc_get_principal,
- krb5_fcc_start_seq_get,
- krb5_fcc_next_cred,
- krb5_fcc_end_seq_get,
- krb5_fcc_remove_cred,
- krb5_fcc_set_flags,
- krb5_fcc_get_flags,
- krb5_fcc_ptcursor_new,
- krb5_fcc_ptcursor_next,
- krb5_fcc_ptcursor_free,
+ fcc_get_name,
+ fcc_resolve,
+ fcc_generate_new,
+ fcc_initialize,
+ fcc_destroy,
+ fcc_close,
+ fcc_store,
+ fcc_retrieve,
+ fcc_get_principal,
+ fcc_start_seq_get,
+ fcc_next_cred,
+ fcc_end_seq_get,
+ fcc_remove_cred,
+ fcc_set_flags,
+ fcc_get_flags,
+ fcc_ptcursor_new,
+ fcc_ptcursor_next,
+ fcc_ptcursor_free,
NULL, /* move */
- krb5_fcc_last_change_time,
+ fcc_last_change_time,
NULL, /* wasdefault */
- krb5_fcc_lock,
- krb5_fcc_unlock,
+ fcc_lock,
+ fcc_unlock,
NULL, /* switch_to */
};
#define KRCC_USER_ANCHOR "user"
#define KRCC_LEGACY_ANCHOR "legacy"
-#define KRB5_OK 0
-
/* Hopefully big enough to hold a serialized credential */
#define MAX_CRED_SIZE (1024*1024)
-#define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest
-#define CHECK(ret) if (ret != KRB5_OK) goto errout
-#define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
+#define CHECK_N_GO(ret, errdest) if (ret) goto errdest
+#define CHECK(ret) if (ret) goto errout
+#define CHECK_OUT(ret) if (ret) return ret
-typedef struct _krb5_krcc_cursor
+typedef struct _krcc_cursor
{
- int numkeys;
- int currkey;
+ int numkeys;
+ int currkey;
key_serial_t princ_id;
key_serial_t offsets_id;
key_serial_t *keys;
-} *krb5_krcc_cursor;
+} *krcc_cursor;
/*
* This represents a credentials cache "file"
* this credentials cache "file". Each key
* in the keyring contains a separate key.
*/
-typedef struct _krb5_krcc_data
+typedef struct _krcc_data
{
- char *name; /* Name for this credentials cache */
+ char *name; /* Name for this credentials cache */
k5_cc_mutex lock; /* synchronization */
key_serial_t collection_id; /* collection containing this cache keyring */
key_serial_t cache_id; /* keyring representing ccache */
key_serial_t princ_id; /* key holding principal info */
krb5_timestamp changetime;
krb5_boolean is_legacy_type;
-} krb5_krcc_data;
+} krcc_data;
/* Passed internally to assure we don't go past the bounds of our buffer */
-typedef struct _krb5_krcc_buffer_cursor
+typedef struct _krcc_buffer_cursor
{
char *bpp;
char *endp;
size_t size; /* For dry-run length calculation */
-} krb5_krcc_bc;
+} krcc_bc;
/* Global mutex */
k5_cc_mutex krb5int_krcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
-/*
- * Internal functions (exported via the krb5_krcc_ops)
- */
-
extern const krb5_cc_ops krb5_krcc_ops;
-static const char *KRB5_CALLCONV krb5_krcc_get_name
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_resolve
-(krb5_context, krb5_ccache * id, const char *residual);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_generate_new
-(krb5_context, krb5_ccache * id);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_initialize
-(krb5_context, krb5_ccache id, krb5_principal princ);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_destroy
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_close
-(krb5_context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_store
-(krb5_context, krb5_ccache id, krb5_creds * creds);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_retrieve
-(krb5_context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds * mcreds, krb5_creds * creds);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_get_principal
-(krb5_context, krb5_ccache id, krb5_principal * princ);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_start_seq_get
-(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_next_cred
-(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor,
- krb5_creds * creds);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_end_seq_get
-(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_remove_cred
-(krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds * creds);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_set_flags
-(krb5_context, krb5_ccache id, krb5_flags flags);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_get_flags
-(krb5_context context, krb5_ccache id, krb5_flags * flags);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_last_change_time
-(krb5_context, krb5_ccache, krb5_timestamp *);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_lock
-(krb5_context context, krb5_ccache id);
-
-static krb5_error_code KRB5_CALLCONV krb5_krcc_unlock
-(krb5_context context, krb5_ccache id);
+static const char *KRB5_CALLCONV
+krcc_get_name(krb5_context context, krb5_ccache id);
-static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_new
-(krb5_context context, krb5_cc_ptcursor *cursor_out);
+static krb5_error_code KRB5_CALLCONV
+krcc_start_seq_get(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
-static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_next
-(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *cache_out);
+static krb5_error_code KRB5_CALLCONV
+krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
-static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_free
-(krb5_context context, krb5_cc_ptcursor *cursor);
+static krb5_error_code KRB5_CALLCONV
+krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor);
-static krb5_error_code KRB5_CALLCONV krb5_krcc_switch_to
-(krb5_context context, krb5_ccache cache);
+static krb5_error_code KRB5_CALLCONV
+krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor);
-/*
- * Internal utility functions
- */
+static krb5_error_code clear_cache_keyring(krb5_context context,
+ krb5_ccache id);
-static krb5_error_code krb5_krcc_clearcache
-(krb5_context context, krb5_ccache id);
+static krb5_error_code make_krcc_data(const char *anchor_name,
+ const char *collection_name,
+ const char *subsidiary_name,
+ key_serial_t cache_id, key_serial_t
+ collection_id, krcc_data **datapp);
-static krb5_error_code krb5_krcc_new_data
-(const char *anchor_name, const char *collection_name,
- const char *subsidiary_name, key_serial_t cache_id,
- key_serial_t collection_id, krb5_krcc_data **datapp);
+static krb5_error_code save_principal(krb5_context context, krb5_ccache id,
+ krb5_principal princ);
-static krb5_error_code krb5_krcc_save_principal
-(krb5_context context, krb5_ccache id, krb5_principal princ);
+static krb5_error_code save_time_offsets(krb5_context context, krb5_ccache id,
+ int32_t time_offset,
+ int32_t usec_offset);
-static krb5_error_code krb5_krcc_retrieve_principal
-(krb5_context context, krb5_ccache id, krb5_principal * princ);
-static krb5_error_code krb5_krcc_save_time_offsets
-(krb5_context context, krb5_ccache id, krb5_int32 time_offset,
- krb5_int32 usec_offset);
-static krb5_error_code krb5_krcc_get_time_offsets
-(krb5_context context, krb5_ccache id, krb5_int32 *time_offset,
- krb5_int32 *usec_offset);
+static krb5_error_code get_time_offsets(krb5_context context, krb5_ccache id,
+ int32_t *time_offset,
+ int32_t *usec_offset);
/* Routines to parse a key from a keyring into a cred structure */
-static krb5_error_code krb5_krcc_parse
-(krb5_context, krb5_pointer buf, unsigned int len, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_cred
-(krb5_context context, krb5_creds * creds, char *payload, int psize);
-static krb5_error_code krb5_krcc_parse_principal
-(krb5_context context, krb5_principal * princ, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_keyblock
-(krb5_context context, krb5_keyblock * keyblock, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_times
-(krb5_context context, krb5_ticket_times * t, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_krb5data
-(krb5_context context, krb5_data * data, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_int32
-(krb5_context context, krb5_int32 * i, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_octet
-(krb5_context context, krb5_octet * octet, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_addrs
-(krb5_context context, krb5_address *** a, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_addr
-(krb5_context context, krb5_address * a, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_authdata
-(krb5_context context, krb5_authdata *** ad, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_authdatum
-(krb5_context context, krb5_authdata * ad, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_parse_ui_2
-(krb5_context, krb5_ui_2 * i, krb5_krcc_bc * bc);
+static krb5_error_code parse(krb5_context context, void *buf,
+ unsigned int len, krcc_bc *bc);
+static krb5_error_code parse_cred(krb5_context context, krb5_creds *creds,
+ char *payload, int psize);
+static krb5_error_code parse_principal(krb5_context context,
+ krb5_principal *princ, krcc_bc *bc);
+static krb5_error_code parse_keyblock(krb5_context context,
+ krb5_keyblock *keyblock, krcc_bc *bc);
+static krb5_error_code parse_times(krb5_context context, krb5_ticket_times *t,
+ krcc_bc *bc);
+static krb5_error_code parse_krb5data(krb5_context context, krb5_data *data,
+ krcc_bc *bc);
+static krb5_error_code parse_int32(krb5_context context, int32_t *i,
+ krcc_bc *bc);
+static krb5_error_code parse_octet(krb5_context context, krb5_octet *octet,
+ krcc_bc *bc);
+static krb5_error_code parse_addrs(krb5_context context, krb5_address ***a,
+ krcc_bc *bc);
+static krb5_error_code parse_addr(krb5_context context, krb5_address *a,
+ krcc_bc *bc);
+static krb5_error_code parse_authdata(krb5_context context,
+ krb5_authdata ***ad, krcc_bc *bc);
+static krb5_error_code parse_authdatum(krb5_context context,
+ krb5_authdata *ad, krcc_bc *bc);
+static krb5_error_code parse_uint16(krb5_context, uint16_t *i, krcc_bc *bc);
/* Routines to unparse a cred structure into keyring key */
-static krb5_error_code krb5_krcc_unparse
-(krb5_context, krb5_pointer buf, unsigned int len, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_cred_alloc
-(krb5_context context, krb5_creds * creds,
- char **datapp, unsigned int *lenptr);
-static krb5_error_code krb5_krcc_unparse_cred
-(krb5_context context, krb5_creds * creds, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_principal
-(krb5_context, krb5_principal princ, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_keyblock
-(krb5_context, krb5_keyblock * keyblock, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_times
-(krb5_context, krb5_ticket_times * t, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_krb5data
-(krb5_context, krb5_data * data, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_int32
-(krb5_context, krb5_int32 i, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_octet
-(krb5_context, krb5_int32 i, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_addrs
-(krb5_context, krb5_address ** a, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_addr
-(krb5_context, krb5_address * a, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_authdata
-(krb5_context, krb5_authdata ** ad, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_authdatum
-(krb5_context, krb5_authdata * ad, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_ui_4
-(krb5_context, krb5_ui_4 i, krb5_krcc_bc * bc);
-static krb5_error_code krb5_krcc_unparse_ui_2
-(krb5_context, krb5_int32 i, krb5_krcc_bc * bc);
-static void krb5_krcc_update_change_time
-(krb5_krcc_data *);
-
-static krb5_error_code
-krb5_krcc_parse_index(krb5_context context, krb5_int32 *version,
- char **primary, void *payload, int psize);
-static krb5_error_code
-krb5_krcc_unparse_index(krb5_context context, krb5_int32 version,
- const char *primary, void **datapp, int *lenptr);
-static krb5_error_code
-krb5_krcc_parse_offsets(krb5_context context, krb5_int32 *time_offset,
- krb5_int32 *usec_offset, void *payload, int psize);
-static krb5_error_code
-krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset,
- krb5_int32 usec_offset, void **datapp, int *lenptr);
+static krb5_error_code unparse(krb5_context context, void *buf,
+ unsigned int len, krcc_bc * bc);
+static krb5_error_code unparse_cred_alloc(krb5_context context,
+ krb5_creds *creds, char **datapp,
+ unsigned int *lenptr);
+static krb5_error_code unparse_cred(krb5_context context, krb5_creds *creds,
+ krcc_bc *bc);
+static krb5_error_code unparse_principal(krb5_context, krb5_principal princ,
+ krcc_bc *bc);
+static krb5_error_code unparse_keyblock(krb5_context, krb5_keyblock *keyblock,
+ krcc_bc *bc);
+static krb5_error_code unparse_times(krb5_context, krb5_ticket_times *t,
+ krcc_bc *bc);
+static krb5_error_code unparse_krb5data(krb5_context, krb5_data *data,
+ krcc_bc *bc);
+static krb5_error_code unparse_int32(krb5_context context, int32_t i,
+ krcc_bc *bc);
+static krb5_error_code unparse_octet(krb5_context context, int32_t i,
+ krcc_bc *bc);
+static krb5_error_code unparse_addrs(krb5_context context, krb5_address **a,
+ krcc_bc *bc);
+static krb5_error_code unparse_addr(krb5_context context, krb5_address *a,
+ krcc_bc *bc);
+static krb5_error_code unparse_authdata(krb5_context context,
+ krb5_authdata **ad, krcc_bc *bc);
+static krb5_error_code unparse_authdatum(krb5_context context,
+ krb5_authdata *ad, krcc_bc *bc);
+static krb5_error_code unparse_uint32(krb5_context context, uint32_t i,
+ krcc_bc *bc);
+static krb5_error_code unparse_uint16(krb5_context, int32_t i, krcc_bc *bc);
+static void krcc_update_change_time(krcc_data *d);
+
+static krb5_error_code parse_index(krb5_context context, int32_t *version,
+ char **primary, void *payload, int psize);
+static krb5_error_code unparse_index(krb5_context context, int32_t version,
+ const char *primary, void **datapp,
+ int *lenptr);
+static krb5_error_code parse_offsets(krb5_context context,
+ int32_t *time_offset,
+ int32_t *usec_offset, void *payload,
+ int psize);
+static krb5_error_code unparse_offsets(krb5_context context,
+ int32_t time_offset,
+ int32_t usec_offset, void **datapp,
+ int *lenptr);
/* Note the following is a stub function for Linux */
extern krb5_error_code krb5_change_cache(void);
void *payload = NULL;
int payloadlen;
- ret = krb5_krcc_unparse_index(context, KRCC_COLLECTION_VERSION,
- subsidiary_name, &payload, &payloadlen);
+ ret = unparse_index(context, KRCC_COLLECTION_VERSION, subsidiary_name,
+ &payload, &payloadlen);
if (ret)
return ret;
key = add_key(KRCC_KEY_TYPE_USER, KRCC_COLLECTION_PRIMARY,
key_serial_t primary_id, legacy;
void *payload = NULL;
int payloadlen;
- krb5_int32 version;
+ int32_t version;
char *subsidiary_name = NULL;
*subsidiary_out = NULL;
ret = errno;
goto cleanup;
}
- ret = krb5_krcc_parse_index(context, &version, &subsidiary_name,
- payload, payloadlen);
+ ret = parse_index(context, &version, &subsidiary_name, payload,
+ payloadlen);
if (ret)
goto cleanup;
goto cleanup;
}
*cache_id_out = key;
- ret = KRB5_OK;
+ ret = 0;
cleanup:
k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
return ret;
static void
update_keyring_expiration(krb5_context context, krb5_ccache id)
{
- krb5_krcc_data *d = (krb5_krcc_data *)id->data;
+ krcc_data *data = id->data;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_timestamp now, endtime = 0;
*/
/* Find the maximum endtime of all creds in the cache. */
- if (krb5_krcc_start_seq_get(context, id, &cursor) != 0)
+ if (krcc_start_seq_get(context, id, &cursor) != 0)
return;
for (;;) {
- if (krb5_krcc_next_cred(context, id, &cursor, &creds) != 0)
+ if (krcc_next_cred(context, id, &cursor, &creds) != 0)
break;
if (creds.times.endtime > endtime)
endtime = creds.times.endtime;
krb5_free_cred_contents(context, &creds);
}
- (void)krb5_krcc_end_seq_get(context, id, &cursor);
+ (void)krcc_end_seq_get(context, id, &cursor);
if (endtime == 0) /* No creds with end times */
return;
/* Setting the timeout to zero would reset the timeout, so we set it to one
* second instead if creds are already expired. */
timeout = (endtime > now) ? endtime - now : 1;
- (void)keyctl_set_timeout(d->cache_id, timeout);
+ (void)keyctl_set_timeout(data->cache_id, timeout);
}
-/*
- * Modifies:
- * id
- *
- * Effects:
- * Creates/refreshes the cred cache id. If the cache exists, its
- * contents are destroyed.
- *
- * Errors:
- * system errors
- * permission errors
- */
-
+/* Create or overwrite the cache keyring, and set the default principal. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_initialize(krb5_context context, krb5_ccache id,
- krb5_principal princ)
+krcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_krcc_data *data = (krb5_krcc_data *)id->data;
+ krcc_data *data = (krcc_data *)id->data;
krb5_os_context os_ctx = &context->os_context;
- krb5_error_code kret;
+ krb5_error_code ret;
const char *cache_name, *p;
- DEBUG_PRINT(("krb5_krcc_initialize: entered\n"));
-
k5_cc_mutex_lock(context, &data->lock);
- kret = krb5_krcc_clearcache(context, id);
- if (kret != KRB5_OK)
+ ret = clear_cache_keyring(context, id);
+ if (ret)
goto out;
if (!data->cache_id) {
* key if it still isn't there. */
p = strrchr(data->name, ':');
cache_name = (p != NULL) ? p + 1 : data->name;
- kret = find_or_create_keyring(data->collection_id, 0, cache_name,
- &data->cache_id);
- if (kret)
+ ret = find_or_create_keyring(data->collection_id, 0, cache_name,
+ &data->cache_id);
+ if (ret)
goto out;
}
if (is_legacy_cache_name(data->name))
(void)keyctl_link(data->cache_id, session_write_anchor());
- kret = krb5_krcc_save_principal(context, id, princ);
+ ret = save_principal(context, id, princ);
/* Save time offset if it is valid and this is not a legacy cache. Legacy
* applications would fail to parse the new key in the cache keyring. */
if (!is_legacy_cache_name(data->name) &&
(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
- kret = krb5_krcc_save_time_offsets(context, id, os_ctx->time_offset,
- os_ctx->usec_offset);
+ ret = save_time_offsets(context, id, os_ctx->time_offset,
+ os_ctx->usec_offset);
}
- if (kret == KRB5_OK)
+ if (ret == 0)
krb5_change_cache();
out:
k5_cc_mutex_unlock(context, &data->lock);
- return kret;
+ return ret;
}
-/*
- * Modifies:
- * id
- *
- * Effects:
- * Invalidates the id, and frees any resources associated with the cache.
- * (Does NOT destroy the underlying ccache in the keyring.)
- */
+/* Release the ccache handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_close(krb5_context context, krb5_ccache id)
+krcc_close(krb5_context context, krb5_ccache id)
{
- krb5_krcc_data *d;
-
- DEBUG_PRINT(("krb5_krcc_close: entered\n"));
-
- d = (krb5_krcc_data *) id->data;
-
- free(d->name);
- k5_cc_mutex_destroy(&d->lock);
- free(d);
+ krcc_data *data = id->data;
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->name);
+ free(data);
free(id);
-
- return KRB5_OK;
+ return 0;
}
-/*
- * Modifies:
- * id
- *
- * Effects:
- * Clears out a ccache keyring, unlinking all keys within it
- * (Including the "hidden" key with the principal information)
- *
- * Requires:
- * Must be called with mutex locked.
- *
- * Errors:
- * system errors
- */
-
-static krb5_error_code
-krb5_krcc_clearcache(krb5_context context, krb5_ccache id)
+/* Clear out a ccache keyring, unlinking all keys within it. Call with the
+ * mutex locked. */
+static krb5_error_code
+clear_cache_keyring(krb5_context context, krb5_ccache id)
{
- krb5_krcc_data *d;
- int res;
+ krcc_data *data = id->data;
+ int res;
- k5_cc_mutex_assert_locked(context, &((krb5_krcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &data->lock);
- d = (krb5_krcc_data *) id->data;
+ DEBUG_PRINT(("clear_cache_keyring: cache_id %d, princ_id %d\n",
+ data->cache_id, data->princ_id));
- DEBUG_PRINT(("krb5_krcc_clearcache: cache_id %d, princ_id %d\n",
- d->cache_id, d->princ_id));
-
- if (d->cache_id) {
- res = keyctl_clear(d->cache_id);
+ if (data->cache_id) {
+ res = keyctl_clear(data->cache_id);
if (res != 0)
return errno;
}
- d->princ_id = 0;
- krb5_krcc_update_change_time(d);
+ data->princ_id = 0;
+ krcc_update_change_time(data);
- return KRB5_OK;
+ return 0;
}
-/*
- * Effects:
- * Destroys the contents of id.
- *
- * Errors:
- * system errors
- */
+/* Destroy the cache keyring and release the handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_destroy(krb5_context context, krb5_ccache id)
+krcc_destroy(krb5_context context, krb5_ccache id)
{
- krb5_error_code kret = 0;
- krb5_krcc_data *d;
- int res;
+ krb5_error_code ret = 0;
+ krcc_data *data = id->data;
+ int res;
- DEBUG_PRINT(("krb5_krcc_destroy: entered\n"));
-
- d = (krb5_krcc_data *) id->data;
-
- k5_cc_mutex_lock(context, &d->lock);
+ k5_cc_mutex_lock(context, &data->lock);
- krb5_krcc_clearcache(context, id);
- if (d->cache_id) {
- res = keyctl_unlink(d->cache_id, d->collection_id);
+ clear_cache_keyring(context, id);
+ if (data->cache_id) {
+ res = keyctl_unlink(data->cache_id, data->collection_id);
if (res < 0) {
- kret = errno;
- DEBUG_PRINT(("unlinking key %d from ring %d: %s",
- d->cache_id, d->collection_id, error_message(errno)));
+ ret = errno;
+ DEBUG_PRINT(("unlinking key %d from ring %d: %s", data->cache_id,
+ data->collection_id, error_message(errno)));
}
/* If this is a legacy cache, unlink it from the session anchor. */
- if (is_legacy_cache_name(d->name))
- (void)keyctl_unlink(d->cache_id, session_write_anchor());
+ if (is_legacy_cache_name(data->name))
+ (void)keyctl_unlink(data->cache_id, session_write_anchor());
}
- k5_cc_mutex_unlock(context, &d->lock);
- k5_cc_mutex_destroy(&d->lock);
- free(d->name);
- free(d);
+ k5_cc_mutex_unlock(context, &data->lock);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->name);
+ free(data);
free(id);
-
krb5_change_cache();
-
- return kret;
+ return ret;
}
/* Create a cache handle for a cache ID. */
krb5_error_code ret;
krb5_os_context os_ctx = &context->os_context;
krb5_ccache ccache = NULL;
- krb5_krcc_data *d;
+ krcc_data *data;
key_serial_t pkey = 0;
/* Determine the key containing principal information, if present. */
if (!ccache)
return ENOMEM;
- ret = krb5_krcc_new_data(anchor_name, collection_name, subsidiary_name,
- cache_id, collection_id, &d);
+ ret = make_krcc_data(anchor_name, collection_name, subsidiary_name,
+ cache_id, collection_id, &data);
if (ret) {
free(ccache);
return ret;
}
- d->princ_id = pkey;
+ data->princ_id = pkey;
ccache->ops = &krb5_krcc_ops;
- ccache->data = d;
+ ccache->data = data;
ccache->magic = KV5M_CCACHE;
*cache_out = ccache;
- /* Lookup time offsets if necessary. */
+ /* Look up time offsets if necessary. */
if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
!(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
- if (krb5_krcc_get_time_offsets(context, ccache,
- &os_ctx->time_offset,
- &os_ctx->usec_offset) == 0) {
+ if (get_time_offsets(context, ccache, &os_ctx->time_offset,
+ &os_ctx->usec_offset) == 0) {
os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
}
return 0;
}
-/*
- * Requires:
- * residual is a legal path name, and a null-terminated string
- *
- * Modifies:
- * id
- *
- * Effects:
- * creates a cred cache that will reside in the keyring with
- * a name of <residual>.
- *
- * Returns:
- * A filled in krb5_ccache structure "id".
- *
- * Errors:
- * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
- * permission errors
- */
-
+/* Create a keyring ccache handle for the given residual string. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
+krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
{
krb5_error_code ret;
key_serial_t collection_id, cache_id;
return ret;
}
-/*
- * Effects:
- * Prepares for a sequential search of the credentials cache.
- * Returns a krb5_cc_cursor to be used with krb5_krcc_next_cred and
- * krb5_krcc_end_seq_get.
- *
- * If the cache is modified between the time of this call and the time
- * of the final krb5_krcc_end_seq_get, the results are undefined.
- *
- * Errors:
- * KRB5_CC_NOMEM
- * system errors
- */
+/* Prepare for a sequential iteration over the cache keyring. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor)
+krcc_start_seq_get(krb5_context context, krb5_ccache id,
+ krb5_cc_cursor *cursor)
{
- krb5_krcc_cursor krcursor;
- krb5_krcc_data *d;
+ krcc_cursor krcursor;
+ krcc_data *data = id->data;
void *keys;
long size;
- DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n"));
-
- d = id->data;
- k5_cc_mutex_lock(context, &d->lock);
+ k5_cc_mutex_lock(context, &data->lock);
- if (!d->cache_id) {
- k5_cc_mutex_unlock(context, &d->lock);
+ if (!data->cache_id) {
+ k5_cc_mutex_unlock(context, &data->lock);
return KRB5_FCC_NOFILE;
}
- size = keyctl_read_alloc(d->cache_id, &keys);
+ size = keyctl_read_alloc(data->cache_id, &keys);
if (size == -1) {
DEBUG_PRINT(("Error getting from keyring: %s\n", strerror(errno)));
- k5_cc_mutex_unlock(context, &d->lock);
+ k5_cc_mutex_unlock(context, &data->lock);
return KRB5_CC_IO;
}
krcursor = calloc(1, sizeof(*krcursor));
if (krcursor == NULL) {
free(keys);
- k5_cc_mutex_unlock(context, &d->lock);
+ k5_cc_mutex_unlock(context, &data->lock);
return KRB5_CC_NOMEM;
}
- krcursor->princ_id = d->princ_id;
- krcursor->offsets_id = keyctl_search(d->cache_id, KRCC_KEY_TYPE_USER,
+ krcursor->princ_id = data->princ_id;
+ krcursor->offsets_id = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER,
KRCC_TIME_OFFSETS, 0);
krcursor->numkeys = size / sizeof(key_serial_t);
krcursor->keys = keys;
- k5_cc_mutex_unlock(context, &d->lock);
- *cursor = (krb5_cc_cursor) krcursor;
- return KRB5_OK;
+ k5_cc_mutex_unlock(context, &data->lock);
+ *cursor = krcursor;
+ return 0;
}
-/*
- * Requires:
- * cursor is a krb5_cc_cursor originally obtained from
- * krb5_krcc_start_seq_get.
- *
- * Modifes:
- * cursor, creds
- *
- * Effects:
- * Fills in creds with the "next" credentals structure from the cache
- * id. The actual order the creds are returned in is arbitrary.
- * Space is allocated for the variable length fields in the
- * credentials structure, so the object returned must be passed to
- * krb5_destroy_credential.
- *
- * The cursor is updated for the next call to krb5_krcc_next_cred.
- *
- * Errors:
- * system errors
- */
+/* Get the next credential from the cache keyring. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor, krb5_creds * creds)
+krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds)
{
- krb5_krcc_cursor krcursor;
- krb5_error_code kret;
- int psize;
- void *payload = NULL;
+ krcc_cursor krcursor;
+ krb5_error_code ret;
+ int psize;
+ void *payload = NULL;
- DEBUG_PRINT(("krb5_krcc_next_cred: entered\n"));
+ memset(creds, 0, sizeof(krb5_creds));
- /*
- * The cursor has the entire list of keys.
- * (Note that we don't support _remove_cred.)
- */
- krcursor = (krb5_krcc_cursor) * cursor;
+ /* The cursor has the entire list of keys. (Note that we don't support
+ * remove_cred.) */
+ krcursor = *cursor;
if (krcursor == NULL)
return KRB5_CC_END;
- memset(creds, 0, sizeof(krb5_creds));
- /* If we're pointing past the end of the keys array, there are no more */
+ /* If we're pointing past the end of the keys array, there are no more. */
if (krcursor->currkey >= krcursor->numkeys)
return KRB5_CC_END;
return KRB5_CC_END;
}
- /* Read the key, the right size buffer will ba allocated and returned */
+ /* Read the key; the right size buffer will be allocated and returned. */
psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload);
if (psize == -1) {
DEBUG_PRINT(("Error reading key %d: %s\n",
krcursor->keys[krcursor->currkey],
strerror(errno)));
- kret = KRB5_FCC_NOFILE;
- goto freepayload;
+ return KRB5_FCC_NOFILE;
}
krcursor->currkey++;
- kret = krb5_krcc_parse_cred(context, creds, payload, psize);
-
-freepayload:
- if (payload) free(payload);
- return kret;
+ ret = parse_cred(context, creds, payload, psize);
+ free(payload);
+ return ret;
}
-/*
- * Requires:
- * cursor is a krb5_cc_cursor originally obtained from
- * krb5_krcc_start_seq_get.
- *
- * Modifies:
- * id, cursor
- *
- * Effects:
- * Finishes sequential processing of the keyring credentials ccache id,
- * and invalidates the cursor (it must never be used after this call).
- */
-/* ARGSUSED */
+/* Release an iteration cursor. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor)
+krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
- krb5_krcc_cursor krcursor = (krb5_krcc_cursor)*cursor;
- DEBUG_PRINT(("krb5_krcc_end_seq_get: entered\n"));
+ krcc_cursor krcursor = *cursor;
if (krcursor != NULL) {
free(krcursor->keys);
free(krcursor);
}
*cursor = NULL;
- return KRB5_OK;
+ return 0;
}
-/* Utility routine: Creates the back-end data for a keyring cache.
-
- Call with the global list lock held. */
+/* Create keyring data for a credential cache. */
static krb5_error_code
-krb5_krcc_new_data(const char *anchor_name, const char *collection_name,
- const char *subsidiary_name, key_serial_t cache_id,
- key_serial_t collection_id, krb5_krcc_data **datapp)
+make_krcc_data(const char *anchor_name, const char *collection_name,
+ const char *subsidiary_name, key_serial_t cache_id,
+ key_serial_t collection_id, krcc_data **data_out)
{
- krb5_error_code kret;
- krb5_krcc_data *d;
+ krb5_error_code ret;
+ krcc_data *data;
- d = malloc(sizeof(krb5_krcc_data));
- if (d == NULL)
+ *data_out = NULL;
+
+ data = malloc(sizeof(krcc_data));
+ if (data == NULL)
return KRB5_CC_NOMEM;
- kret = k5_cc_mutex_init(&d->lock);
- if (kret) {
- free(d);
- return kret;
+ ret = k5_cc_mutex_init(&data->lock);
+ if (ret) {
+ free(data);
+ return ret;
}
- kret = make_subsidiary_residual(anchor_name, collection_name,
- subsidiary_name, &d->name);
- if (kret) {
- k5_cc_mutex_destroy(&d->lock);
- free(d);
- return kret;
+ ret = make_subsidiary_residual(anchor_name, collection_name,
+ subsidiary_name, &data->name);
+ if (ret) {
+ k5_cc_mutex_destroy(&data->lock);
+ free(data);
+ return ret;
}
- d->princ_id = 0;
- d->cache_id = cache_id;
- d->collection_id = collection_id;
- d->changetime = 0;
- d->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0);
- krb5_krcc_update_change_time(d);
-
- *datapp = d;
+ data->princ_id = 0;
+ data->cache_id = cache_id;
+ data->collection_id = collection_id;
+ data->changetime = 0;
+ data->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0);
+ krcc_update_change_time(data);
+
+ *data_out = data;
return 0;
}
-/*
- * Effects:
- * Creates a new keyring cred cache whose name is guaranteed to be
- * unique.
- *
- * Returns:
- * The filled in krb5_ccache id.
- *
- * Errors:
- * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
- */
+/* Create a new keyring cache with a unique name. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
+krcc_generate_new(krb5_context context, krb5_ccache *id_out)
{
- krb5_ccache lid = NULL;
- krb5_error_code kret;
+ krb5_ccache id = NULL;
+ krb5_error_code ret;
char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
char *new_subsidiary_name = NULL, *new_residual = NULL;
- krb5_krcc_data *d;
+ krcc_data *data;
key_serial_t collection_id;
key_serial_t cache_id = 0;
- DEBUG_PRINT(("krb5_krcc_generate_new: entered\n"));
+ *id_out = NULL;
/* Determine the collection in which we will create the cache.*/
- kret = get_default(context, &anchor_name, &collection_name,
- &subsidiary_name);
- if (kret)
- return kret;
+ ret = get_default(context, &anchor_name, &collection_name,
+ &subsidiary_name);
+ if (ret)
+ return ret;
if (anchor_name == NULL) {
- kret = parse_residual(KRCC_DEFAULT_UNIQUE_COLLECTION, &anchor_name,
- &collection_name, &subsidiary_name);
- if (kret)
- return kret;
+ ret = parse_residual(KRCC_DEFAULT_UNIQUE_COLLECTION, &anchor_name,
+ &collection_name, &subsidiary_name);
+ if (ret)
+ return ret;
}
if (subsidiary_name != NULL) {
krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE,
_("Can't create new subsidiary cache because "
"default cache is already a subsdiary"));
- kret = KRB5_DCC_CANNOT_CREATE;
+ ret = KRB5_DCC_CANNOT_CREATE;
goto cleanup;
}
/* Allocate memory */
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
- if (lid == NULL) {
- kret = ENOMEM;
+ id = malloc(sizeof(struct _krb5_ccache));
+ if (id == NULL) {
+ ret = ENOMEM;
goto cleanup;
}
- lid->ops = &krb5_krcc_ops;
+ id->ops = &krb5_krcc_ops;
/* Make a unique keyring within the chosen collection. */
- kret = get_collection(anchor_name, collection_name, &collection_id);
- if (kret)
+ ret = get_collection(anchor_name, collection_name, &collection_id);
+ if (ret)
goto cleanup;
- kret = unique_keyring(context, collection_id, &new_subsidiary_name,
- &cache_id);
- if (kret)
+ ret = unique_keyring(context, collection_id, &new_subsidiary_name,
+ &cache_id);
+ if (ret)
goto cleanup;
- kret = krb5_krcc_new_data(anchor_name, collection_name,
- new_subsidiary_name, cache_id, collection_id,
- &d);
- if (kret)
+ ret = make_krcc_data(anchor_name, collection_name, new_subsidiary_name,
+ cache_id, collection_id, &data);
+ if (ret)
goto cleanup;
- lid->data = d;
+ id->data = data;
krb5_change_cache();
cleanup:
free(subsidiary_name);
free(new_subsidiary_name);
free(new_residual);
- if (kret) {
- free(lid);
- return kret;
+ if (ret) {
+ free(id);
+ return ret;
}
- *id = lid;
- return KRB5_OK;
+ *id_out = id;
+ return 0;
}
-/*
- * Requires:
- * id is a keyring credential cache
- *
- * Returns:
- * The name of the keyring cred cache id.
- */
+/* Return an alias to the residual string of the cache. */
static const char *KRB5_CALLCONV
-krb5_krcc_get_name(krb5_context context, krb5_ccache id)
+krcc_get_name(krb5_context context, krb5_ccache id)
{
- DEBUG_PRINT(("krb5_krcc_get_name: entered\n"));
- return (char *) ((krb5_krcc_data *) id->data)->name;
+ return ((krcc_data *)id->data)->name;
}
-/*
- * Modifies:
- * id, princ
- *
- * Effects:
- * Retrieves the primary principal from id, as set with
- * krb5_krcc_initialize. The principal is returned is allocated
- * storage that must be freed by the caller via krb5_free_principal.
- *
- * Errors:
- * system errors
- * KRB5_CC_NOMEM
- */
+/* Retrieve a copy of the default principal, if the cache is initialized. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_get_principal(krb5_context context, krb5_ccache id,
- krb5_principal * princ)
+krcc_get_principal(krb5_context context, krb5_ccache id,
+ krb5_principal *princ_out)
{
- DEBUG_PRINT(("krb5_krcc_get_principal: entered\n"));
+ krcc_data *data = id->data;
+ krb5_error_code ret;
+ void *payload = NULL;
+ int psize;
+ krcc_bc bc;
+
+ *princ_out = NULL;
+ k5_cc_mutex_lock(context, &data->lock);
+
+ if (!data->cache_id || !data->princ_id) {
+ ret = KRB5_FCC_NOFILE;
+ krb5_set_error_message(context, ret,
+ _("Credentials cache keyring '%s' not found"),
+ data->name);
+ goto errout;
+ }
+
+ psize = keyctl_read_alloc(data->princ_id, &payload);
+ if (psize == -1) {
+ DEBUG_PRINT(("Reading principal key %d: %s\n",
+ data->princ_id, strerror(errno)));
+ ret = KRB5_CC_IO;
+ goto errout;
+ }
+ bc.bpp = payload;
+ bc.endp = (char *)payload + psize;
+ ret = parse_principal(context, princ_out, &bc);
- return krb5_krcc_retrieve_principal(context, id, princ);
+errout:
+ free(payload);
+ k5_cc_mutex_unlock(context, &data->lock);
+ return ret;
}
+/* Search for a credential within the cache keyring. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
- krb5_flags whichfields, krb5_creds * mcreds,
- krb5_creds * creds)
+krcc_retrieve(krb5_context context, krb5_ccache id,
+ krb5_flags whichfields, krb5_creds *mcreds,
+ krb5_creds *creds)
{
- DEBUG_PRINT(("krb5_krcc_retrieve: entered\n"));
-
return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
creds);
}
-/*
- * Non-functional stub implementation for krb5_krcc_remove
- *
- * Errors:
- * KRB5_CC_NOSUPP - not implemented
- */
+/* Non-functional stub for removing a cred from the cache keyring. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_remove_cred(krb5_context context, krb5_ccache cache,
- krb5_flags flags, krb5_creds * creds)
+krcc_remove_cred(krb5_context context, krb5_ccache cache,
+ krb5_flags flags, krb5_creds *creds)
{
- DEBUG_PRINT(("krb5_krcc_remove_cred: entered (returning KRB5_CC_NOSUPP)\n"));
-
return KRB5_CC_NOSUPP;
}
-/*
- * Requires:
- * id is a cred cache returned by krb5_krcc_resolve or
- * krb5_krcc_generate_new, but has not been opened by krb5_krcc_initialize.
- *
- * Modifies:
- * id
- *
- * Effects:
- * Sets the operational flags of id to flags.
- */
+/* Set flags on the cache. (We don't care about any flags.) */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+krcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
{
- DEBUG_PRINT(("krb5_krcc_set_flags: entered\n"));
-
- return KRB5_OK;
+ return 0;
}
+/* Get the current operational flags (of which we have none) for the cache. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags * flags)
+krcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags_out)
{
- DEBUG_PRINT(("krb5_krcc_get_flags: entered\n"));
-
- *flags = 0;
- return KRB5_OK;
+ *flags_out = 0;
+ return 0;
}
-/* store: Save away creds in the ccache keyring. */
+/* Store a credential in the cache keyring. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_store(krb5_context context, krb5_ccache id, krb5_creds * creds)
+krcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
{
- krb5_error_code kret;
- krb5_krcc_data *d = (krb5_krcc_data *) id->data;
- char *payload = NULL;
+ krb5_error_code ret;
+ krcc_data *data = id->data;
+ char *payload = NULL, *keyname = NULL;
unsigned int payloadlen;
- char *keyname = NULL;
key_serial_t cred_key;
krb5_timestamp now;
- DEBUG_PRINT(("krb5_krcc_store: entered\n"));
-
- k5_cc_mutex_lock(context, &d->lock);
+ k5_cc_mutex_lock(context, &data->lock);
- if (!d->cache_id) {
- k5_cc_mutex_unlock(context, &d->lock);
+ if (!data->cache_id) {
+ k5_cc_mutex_unlock(context, &data->lock);
return KRB5_FCC_NOFILE;
}
/* Get the service principal name and use it as the key name */
- kret = krb5_unparse_name(context, creds->server, &keyname);
- if (kret) {
- DEBUG_PRINT(("Error unparsing service principal name!\n"));
+ ret = krb5_unparse_name(context, creds->server, &keyname);
+ if (ret)
goto errout;
- }
/* Serialize credential into memory */
- kret = krb5_krcc_unparse_cred_alloc(context, creds, &payload, &payloadlen);
- if (kret != KRB5_OK)
+ ret = unparse_cred_alloc(context, creds, &payload, &payloadlen);
+ if (ret)
goto errout;
/* Add new key (credentials) into keyring */
- DEBUG_PRINT(("krb5_krcc_store: adding new key '%s' to keyring %d\n",
- keyname, d->cache_id));
- kret = add_cred_key(keyname, payload, payloadlen, d->cache_id,
- d->is_legacy_type, &cred_key);
- if (kret)
+ DEBUG_PRINT(("krcc_store: adding new key '%s' to keyring %d\n",
+ keyname, data->cache_id));
+ ret = add_cred_key(keyname, payload, payloadlen, data->cache_id,
+ data->is_legacy_type, &cred_key);
+ if (ret)
goto errout;
- krb5_krcc_update_change_time(d);
+ krcc_update_change_time(data);
/* Set appropriate timeouts on cache keys. */
- kret = krb5_timeofday(context, &now);
- if (kret)
+ ret = krb5_timeofday(context, &now);
+ if (ret)
goto errout;
if (creds->times.endtime > now)
update_keyring_expiration(context, id);
- kret = KRB5_OK;
-
errout:
- if (keyname)
- krb5_free_unparsed_name(context, keyname);
- if (payload)
- free(payload);
-
- k5_cc_mutex_unlock(context, &d->lock);
- return kret;
+ krb5_free_unparsed_name(context, keyname);
+ free(payload);
+ k5_cc_mutex_unlock(context, &data->lock);
+ return ret;
}
+/* Get the cache's last modification time. (This is currently broken; it
+ * returns only the last change made using this handle.) */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
+krcc_last_change_time(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time)
{
- krb5_krcc_data *data = (krb5_krcc_data *) id->data;
+ krcc_data *data = id->data;
k5_cc_mutex_lock(context, &data->lock);
*change_time = data->changetime;
return 0;
}
+/* Lock the cache handle against other threads. (This does not lock the cache
+ * keyring against other processes.) */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_lock(krb5_context context, krb5_ccache id)
+krcc_lock(krb5_context context, krb5_ccache id)
{
- krb5_krcc_data *data = (krb5_krcc_data *) id->data;
+ krcc_data *data = id->data;
k5_cc_mutex_lock(context, &data->lock);
return 0;
}
+/* Unlock the cache handle. */
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_unlock(krb5_context context, krb5_ccache id)
+krcc_unlock(krb5_context context, krb5_ccache id)
{
- krb5_krcc_data *data = (krb5_krcc_data *) id->data;
+ krcc_data *data = id->data;
k5_cc_mutex_unlock(context, &data->lock);
return 0;
}
-
-static krb5_error_code
-krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
- krb5_principal princ)
+static krb5_error_code
+save_principal(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_krcc_data *d;
- krb5_error_code kret;
+ krcc_data *data = id->data;
+ krb5_error_code ret;
char *payload = NULL;
key_serial_t newkey;
unsigned int payloadsize;
- krb5_krcc_bc bc;
-
- k5_cc_mutex_assert_locked(context, &((krb5_krcc_data *) id->data)->lock);
+ krcc_bc bc;
- d = (krb5_krcc_data *) id->data;
+ k5_cc_mutex_assert_locked(context, &data->lock);
/* Do a dry run first to calculate the size. */
bc.bpp = bc.endp = NULL;
bc.size = 0;
- kret = krb5_krcc_unparse_principal(context, princ, &bc);
- CHECK_N_GO(kret, errout);
+ ret = unparse_principal(context, princ, &bc);
+ CHECK_N_GO(ret, errout);
/* Allocate a buffer and serialize for real. */
payload = malloc(bc.size);
return KRB5_CC_NOMEM;
bc.bpp = payload;
bc.endp = payload + bc.size;
- kret = krb5_krcc_unparse_principal(context, princ, &bc);
- CHECK_N_GO(kret, errout);
+ ret = unparse_principal(context, princ, &bc);
+ CHECK_N_GO(ret, errout);
/* Add new key into keyring */
payloadsize = bc.bpp - payload;
krb5_error_code rc;
char *princname = NULL;
rc = krb5_unparse_name(context, princ, &princname);
- DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' "
+ DEBUG_PRINT(("save_principal: adding new key '%s' "
"to keyring %d for principal '%s'\n",
- KRCC_SPEC_PRINC_KEYNAME, d->cache_id,
+ KRCC_SPEC_PRINC_KEYNAME, data->cache_id,
rc ? "<unknown>" : princname));
if (rc == 0)
krb5_free_unparsed_name(context, princname);
}
#endif
newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME, payload,
- payloadsize, d->cache_id);
+ payloadsize, data->cache_id);
if (newkey < 0) {
- kret = errno;
- DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret)));
+ ret = errno;
+ DEBUG_PRINT(("Error adding principal key: %s\n", strerror(ret)));
} else {
- d->princ_id = newkey;
- kret = KRB5_OK;
- krb5_krcc_update_change_time(d);
+ data->princ_id = newkey;
+ ret = 0;
+ krcc_update_change_time(data);
}
errout:
free(payload);
- return kret;
-}
-
-static krb5_error_code
-krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id,
- krb5_principal * princ)
-{
- krb5_krcc_data *d = (krb5_krcc_data *) id->data;
- krb5_error_code kret;
- void *payload = NULL;
- int psize;
- krb5_krcc_bc bc;
-
- k5_cc_mutex_lock(context, &d->lock);
-
- if (!d->cache_id || !d->princ_id) {
- princ = 0L;
- kret = KRB5_FCC_NOFILE;
- krb5_set_error_message(context, kret,
- _("Credentials cache keyring '%s' not found"),
- d->name);
- goto errout;
- }
-
- psize = keyctl_read_alloc(d->princ_id, &payload);
- if (psize == -1) {
- DEBUG_PRINT(("Reading principal key %d: %s\n",
- d->princ_id, strerror(errno)));
- kret = KRB5_CC_IO;
- goto errout;
- }
- bc.bpp = payload;
- bc.endp = (char *)payload + psize;
- kret = krb5_krcc_parse_principal(context, princ, &bc);
-
-errout:
- if (payload)
- free(payload);
- k5_cc_mutex_unlock(context, &d->lock);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_save_time_offsets(krb5_context context, krb5_ccache id,
- krb5_int32 time_offset, krb5_int32 usec_offset)
+/* Add a key to the cache keyring containing the given time offsets. */
+static krb5_error_code
+save_time_offsets(krb5_context context, krb5_ccache id, int32_t time_offset,
+ int32_t usec_offset)
{
- krb5_krcc_data *d = (krb5_krcc_data *)id->data;
- krb5_error_code kret;
+ krcc_data *data = id->data;
+ krb5_error_code ret;
key_serial_t newkey;
void *payload = NULL;
int psize;
- k5_cc_mutex_assert_locked(context, &d->lock);
+ k5_cc_mutex_assert_locked(context, &data->lock);
/* Prepare the payload. */
- kret = krb5_krcc_unparse_offsets(context, time_offset, usec_offset,
- &payload, &psize);
- CHECK_N_GO(kret, errout);
+ ret = unparse_offsets(context, time_offset, usec_offset, &payload, &psize);
+ CHECK_N_GO(ret, errout);
/* Add new key into keyring. */
newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, payload, psize,
- d->cache_id);
+ data->cache_id);
if (newkey == -1) {
- kret = errno;
- DEBUG_PRINT(("Error adding time offsets key: %s\n", strerror(kret)));
+ ret = errno;
+ DEBUG_PRINT(("Error adding time offsets key: %s\n", strerror(ret)));
} else {
- kret = KRB5_OK;
- krb5_krcc_update_change_time(d);
+ ret = 0;
+ krcc_update_change_time(data);
}
errout:
free(payload);
- return kret;
+ return ret;
}
+/* Retrieve and parse the key in the cache keyring containing time offsets. */
static krb5_error_code
-krb5_krcc_get_time_offsets(krb5_context context, krb5_ccache id,
- krb5_int32 *time_offset, krb5_int32 *usec_offset)
+get_time_offsets(krb5_context context, krb5_ccache id, int32_t *time_offset,
+ int32_t *usec_offset)
{
- krb5_krcc_data *d = (krb5_krcc_data *)id->data;
- krb5_error_code kret;
+ krcc_data *data = id->data;
+ krb5_error_code ret;
key_serial_t key;
- krb5_int32 t, u;
+ int32_t t, u;
void *payload = NULL;
int psize;
- k5_cc_mutex_lock(context, &d->lock);
+ k5_cc_mutex_lock(context, &data->lock);
- if (!d->cache_id) {
- kret = KRB5_FCC_NOFILE;
+ if (!data->cache_id) {
+ ret = KRB5_FCC_NOFILE;
goto errout;
}
- key = keyctl_search(d->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, 0);
+ key = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS,
+ 0);
if (key == -1) {
- kret = ENOENT;
+ ret = ENOENT;
goto errout;
}
if (psize == -1) {
DEBUG_PRINT(("Reading time offsets key %d: %s\n",
key, strerror(errno)));
- kret = KRB5_CC_IO;
+ ret = KRB5_CC_IO;
goto errout;
}
- kret = krb5_krcc_parse_offsets(context, &t, &u, payload, psize);
- if (kret)
+ ret = parse_offsets(context, &t, &u, payload, psize);
+ if (ret)
goto errout;
*time_offset = t;
errout:
free(payload);
- k5_cc_mutex_unlock(context, &d->lock);
- return kret;
+ k5_cc_mutex_unlock(context, &data->lock);
+ return ret;
}
struct krcc_ptcursor_data {
};
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out)
+krcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out)
{
- struct krcc_ptcursor_data *data;
+ struct krcc_ptcursor_data *ptd;
krb5_cc_ptcursor cursor;
krb5_error_code ret;
+ void *keys;
long size;
*cursor_out = NULL;
- cursor = k5alloc(sizeof(struct krb5_cc_ptcursor_s), &ret);
+ cursor = k5alloc(sizeof(*cursor), &ret);
if (cursor == NULL)
return ENOMEM;
- data = k5alloc(sizeof(struct krcc_ptcursor_data), &ret);
- if (data == NULL)
+ ptd = k5alloc(sizeof(*ptd), &ret);
+ if (ptd == NULL)
goto error;
cursor->ops = &krb5_krcc_ops;
- cursor->data = data;
- data->first = TRUE;
+ cursor->data = ptd;
+ ptd->first = TRUE;
- ret = get_default(context, &data->anchor_name, &data->collection_name,
- &data->subsidiary_name);
+ ret = get_default(context, &ptd->anchor_name, &ptd->collection_name,
+ &ptd->subsidiary_name);
if (ret)
goto error;
/* If there is no default collection, return an empty cursor. */
- if (data->anchor_name == NULL) {
+ if (ptd->anchor_name == NULL) {
*cursor_out = cursor;
return 0;
}
- ret = get_collection(data->anchor_name, data->collection_name,
- &data->collection_id);
+ ret = get_collection(ptd->anchor_name, ptd->collection_name,
+ &ptd->collection_id);
if (ret)
goto error;
- if (data->subsidiary_name == NULL) {
- ret = get_primary_name(context, data->anchor_name,
- data->collection_name, data->collection_id,
- &data->primary_name);
+ if (ptd->subsidiary_name == NULL) {
+ ret = get_primary_name(context, ptd->anchor_name,
+ ptd->collection_name, ptd->collection_id,
+ &ptd->primary_name);
if (ret)
goto error;
- size = keyctl_read_alloc(data->collection_id, (void **)&data->keys);
+ size = keyctl_read_alloc(ptd->collection_id, &keys);
if (size == -1) {
ret = errno;
goto error;
}
- data->num_keys = size / sizeof(key_serial_t);
+ ptd->keys = keys;
+ ptd->num_keys = size / sizeof(key_serial_t);
}
*cursor_out = cursor;
return 0;
error:
- krb5_krcc_ptcursor_free(context, &cursor);
+ krcc_ptcursor_free(context, &cursor);
return ret;
}
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
- krb5_ccache *cache_out)
+krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+ krb5_ccache *cache_out)
{
krb5_error_code ret;
- struct krcc_ptcursor_data *data;
+ struct krcc_ptcursor_data *ptd = cursor->data;
key_serial_t key, cache_id = 0;
const char *first_name, *keytype, *sep, *subsidiary_name;
size_t keytypelen;
*cache_out = NULL;
- data = cursor->data;
-
/* No keyring available */
- if (data->collection_id == 0)
+ if (ptd->collection_id == 0)
return 0;
- if (data->first) {
+ if (ptd->first) {
/* Look for the primary cache for a collection cursor, or the
* subsidiary cache for a subsidiary cursor. */
- data->first = FALSE;
- first_name = (data->primary_name != NULL) ? data->primary_name :
- data->subsidiary_name;
- cache_id = keyctl_search(data->collection_id, KRCC_KEY_TYPE_KEYRING,
+ ptd->first = FALSE;
+ first_name = (ptd->primary_name != NULL) ? ptd->primary_name :
+ ptd->subsidiary_name;
+ cache_id = keyctl_search(ptd->collection_id, KRCC_KEY_TYPE_KEYRING,
first_name, 0);
if (cache_id != -1) {
- return make_cache(context, data->collection_id, cache_id,
- data->anchor_name, data->collection_name,
+ return make_cache(context, ptd->collection_id, cache_id,
+ ptd->anchor_name, ptd->collection_name,
first_name, cache_out);
}
}
/* A subsidiary cursor yields at most the first cache. */
- if (data->subsidiary_name != NULL)
+ if (ptd->subsidiary_name != NULL)
return 0;
keytype = KRCC_KEY_TYPE_KEYRING ";";
keytypelen = strlen(keytype);
- for (; data->next_key < data->num_keys; data->next_key++) {
+ for (; ptd->next_key < ptd->num_keys; ptd->next_key++) {
/* Free any previously retrieved key description. */
free(description);
description = NULL;
* Get the key description, which should have the form:
* typename;UID;GID;permissions;description
*/
- key = data->keys[data->next_key];
+ key = ptd->keys[ptd->next_key];
if (keyctl_describe_alloc(key, &description) < 0)
continue;
sep = strrchr(description, ';');
continue;
/* Don't repeat the primary cache. */
- if (strcmp(subsidiary_name, data->primary_name) == 0)
+ if (strcmp(subsidiary_name, ptd->primary_name) == 0)
continue;
/* We found a valid key */
- data->next_key++;
- ret = make_cache(context, data->collection_id, key, data->anchor_name,
- data->collection_name, subsidiary_name, cache_out);
+ ptd->next_key++;
+ ret = make_cache(context, ptd->collection_id, key, ptd->anchor_name,
+ ptd->collection_name, subsidiary_name, cache_out);
free(description);
return ret;
}
}
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
{
- struct krcc_ptcursor_data *data = (*cursor)->data;
+ struct krcc_ptcursor_data *ptd = (*cursor)->data;
- if (data != NULL) {
- free(data->anchor_name);
- free(data->collection_name);
- free(data->subsidiary_name);
- free(data->primary_name);
- free(data->keys);
- free(data);
+ if (ptd != NULL) {
+ free(ptd->anchor_name);
+ free(ptd->collection_name);
+ free(ptd->subsidiary_name);
+ free(ptd->primary_name);
+ free(ptd->keys);
+ free(ptd);
}
free(*cursor);
*cursor = NULL;
}
static krb5_error_code KRB5_CALLCONV
-krb5_krcc_switch_to(krb5_context context, krb5_ccache cache)
+krcc_switch_to(krb5_context context, krb5_ccache cache)
{
- krb5_krcc_data *data = cache->data;
+ krcc_data *data = cache->data;
krb5_error_code ret;
char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
key_serial_t collection_id;
if (ret)
goto cleanup;
ret = set_primary_name(context, collection_id, subsidiary_name);
+
cleanup:
free(anchor_name);
free(collection_name);
* Errors:
* KRB5_CC_END - there were not len bytes available
*/
-static krb5_error_code
-krb5_krcc_parse(krb5_context context, krb5_pointer buf, unsigned int len,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse(krb5_context context, void *buf, unsigned int len, krcc_bc * bc)
{
- DEBUG_PRINT(("krb5_krcc_parse: entered\n"));
-
if ((bc->endp == bc->bpp) || (bc->endp - bc->bpp) < len)
return KRB5_CC_END;
memcpy(buf, bc->bpp, len);
bc->bpp += len;
- return KRB5_OK;
+ return 0;
}
/*
* Take a key (credential) read from a keyring entry
* and parse it into a credential structure.
*/
-static krb5_error_code
-krb5_krcc_parse_cred(krb5_context context, krb5_creds * creds, char *payload,
- int psize)
+static krb5_error_code
+parse_cred(krb5_context context, krb5_creds * creds, char *payload, int psize)
{
- krb5_error_code kret;
+ krb5_error_code ret;
krb5_octet octet;
- krb5_int32 int32;
- krb5_krcc_bc bc;
+ int32_t int32;
+ krcc_bc bc;
/* Parse the pieces of the credential */
bc.bpp = payload;
bc.endp = bc.bpp + psize;
- kret = krb5_krcc_parse_principal(context, &creds->client, &bc);
- CHECK_N_GO(kret, out);
+ ret = parse_principal(context, &creds->client, &bc);
+ CHECK_N_GO(ret, out);
- kret = krb5_krcc_parse_principal(context, &creds->server, &bc);
- CHECK_N_GO(kret, cleanclient);
+ ret = parse_principal(context, &creds->server, &bc);
+ CHECK_N_GO(ret, cleanclient);
- kret = krb5_krcc_parse_keyblock(context, &creds->keyblock, &bc);
- CHECK_N_GO(kret, cleanserver);
+ ret = parse_keyblock(context, &creds->keyblock, &bc);
+ CHECK_N_GO(ret, cleanserver);
- kret = krb5_krcc_parse_times(context, &creds->times, &bc);
- CHECK_N_GO(kret, cleanserver);
+ ret = parse_times(context, &creds->times, &bc);
+ CHECK_N_GO(ret, cleanserver);
- kret = krb5_krcc_parse_octet(context, &octet, &bc);
- CHECK_N_GO(kret, cleanserver);
+ ret = parse_octet(context, &octet, &bc);
+ CHECK_N_GO(ret, cleanserver);
creds->is_skey = octet;
- kret = krb5_krcc_parse_int32(context, &int32, &bc);
- CHECK_N_GO(kret, cleanserver);
+ ret = parse_int32(context, &int32, &bc);
+ CHECK_N_GO(ret, cleanserver);
creds->ticket_flags = int32;
- kret = krb5_krcc_parse_addrs(context, &creds->addresses, &bc);
- CHECK_N_GO(kret, cleanblock);
+ ret = parse_addrs(context, &creds->addresses, &bc);
+ CHECK_N_GO(ret, cleanblock);
- kret = krb5_krcc_parse_authdata(context, &creds->authdata, &bc);
- CHECK_N_GO(kret, cleanaddrs);
+ ret = parse_authdata(context, &creds->authdata, &bc);
+ CHECK_N_GO(ret, cleanaddrs);
- kret = krb5_krcc_parse_krb5data(context, &creds->ticket, &bc);
- CHECK_N_GO(kret, cleanauthdata);
+ ret = parse_krb5data(context, &creds->ticket, &bc);
+ CHECK_N_GO(ret, cleanauthdata);
- kret = krb5_krcc_parse_krb5data(context, &creds->second_ticket, &bc);
- CHECK_N_GO(kret, cleanticket);
+ ret = parse_krb5data(context, &creds->second_ticket, &bc);
+ CHECK_N_GO(ret, cleanticket);
- kret = KRB5_OK;
+ ret = 0;
goto out;
cleanticket:
- memset(creds->ticket.data, 0, (unsigned) creds->ticket.length);
+ memset(creds->ticket.data, 0, creds->ticket.length);
free(creds->ticket.data);
cleanauthdata:
krb5_free_authdata(context, creds->authdata);
krb5_free_principal(context, creds->client);
out:
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_principal(krb5_context context, krb5_principal * princ,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_principal(krb5_context context, krb5_principal *princ, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
register krb5_principal tmpprinc;
- krb5_int32 length, type;
- int i;
+ int32_t length, type;
+ int i;
/* Read principal type */
- kret = krb5_krcc_parse_int32(context, &type, bc);
- if (kret != KRB5_OK)
- return kret;
+ ret = parse_int32(context, &type, bc);
+ if (ret)
+ return ret;
/* Read the number of components */
- kret = krb5_krcc_parse_int32(context, &length, bc);
- if (kret != KRB5_OK)
- return kret;
+ ret = parse_int32(context, &length, bc);
+ if (ret)
+ return ret;
if (length < 0)
return KRB5_CC_NOMEM;
- tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
+ tmpprinc = malloc(sizeof(krb5_principal_data));
if (tmpprinc == NULL)
return KRB5_CC_NOMEM;
if (length) {
free(tmpprinc);
return KRB5_CC_NOMEM;
}
- } else
+ } else {
tmpprinc->data = 0;
+ }
tmpprinc->magic = KV5M_PRINCIPAL;
tmpprinc->length = length;
tmpprinc->type = type;
- kret = krb5_krcc_parse_krb5data(context, &tmpprinc->realm, bc);
+ ret = parse_krb5data(context, &tmpprinc->realm, bc);
i = 0;
- CHECK(kret);
+ CHECK(ret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_parse_krb5data(context, &tmpprinc->data[i], bc);
- CHECK(kret);
+ ret = parse_krb5data(context, &tmpprinc->data[i], bc);
+ CHECK(ret);
}
*princ = tmpprinc;
- return KRB5_OK;
+ return 0;
errout:
while (--i >= 0)
free(tmpprinc->realm.data);
free(tmpprinc->data);
free(tmpprinc);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_keyblock(krb5_context context, krb5_keyblock * keyblock,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_keyblock(krb5_context context, krb5_keyblock *keyblock, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
+ krb5_error_code ret;
+ uint16_t ui2;
+ int32_t int32;
keyblock->magic = KV5M_KEYBLOCK;
keyblock->contents = 0;
- kret = krb5_krcc_parse_ui_2(context, &ui2, bc);
- CHECK(kret);
+ ret = parse_uint16(context, &ui2, bc);
+ CHECK(ret);
keyblock->enctype = ui2;
- kret = krb5_krcc_parse_int32(context, &int32, bc);
- CHECK(kret);
+ ret = parse_int32(context, &int32, bc);
+ CHECK(ret);
if (int32 < 0)
return KRB5_CC_NOMEM;
keyblock->length = int32;
if (keyblock->length == 0)
- return KRB5_OK;
+ return 0;
keyblock->contents = malloc(keyblock->length);
if (keyblock->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_krcc_parse(context, keyblock->contents, keyblock->length, bc);
- CHECK(kret);
+ ret = parse(context, keyblock->contents, keyblock->length, bc);
+ CHECK(ret);
- return KRB5_OK;
+ return 0;
errout:
if (keyblock->contents)
free(keyblock->contents);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_times(krb5_context context, krb5_ticket_times * t,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_times(krb5_context context, krb5_ticket_times *t, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 i;
+ krb5_error_code ret;
+ int32_t i;
- kret = krb5_krcc_parse_int32(context, &i, bc);
- CHECK(kret);
+ ret = parse_int32(context, &i, bc);
+ CHECK(ret);
t->authtime = i;
- kret = krb5_krcc_parse_int32(context, &i, bc);
- CHECK(kret);
+ ret = parse_int32(context, &i, bc);
+ CHECK(ret);
t->starttime = i;
- kret = krb5_krcc_parse_int32(context, &i, bc);
- CHECK(kret);
+ ret = parse_int32(context, &i, bc);
+ CHECK(ret);
t->endtime = i;
- kret = krb5_krcc_parse_int32(context, &i, bc);
- CHECK(kret);
+ ret = parse_int32(context, &i, bc);
+ CHECK(ret);
t->renew_till = i;
return 0;
errout:
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_krb5data(krb5_context context, krb5_data * data,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_krb5data(krb5_context context, krb5_data *data, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 len;
+ krb5_error_code ret;
+ int32_t len;
data->magic = KV5M_DATA;
data->data = 0;
- kret = krb5_krcc_parse_int32(context, &len, bc);
- CHECK(kret);
+ ret = parse_int32(context, &len, bc);
+ CHECK(ret);
if (len < 0)
return KRB5_CC_NOMEM;
data->length = len;
if (data->length == 0) {
data->data = 0;
- return KRB5_OK;
+ return 0;
}
- data->data = (char *) malloc(data->length + 1);
+ data->data = malloc(data->length + 1);
if (data->data == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_krcc_parse(context, data->data, (unsigned) data->length, bc);
- CHECK(kret);
+ ret = parse(context, data->data, data->length, bc);
+ CHECK(ret);
data->data[data->length] = 0; /* Null terminate, just in case.... */
- return KRB5_OK;
+ return 0;
errout:
if (data->data)
free(data->data);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_int32(krb5_context context, krb5_int32 * i, krb5_krcc_bc * bc)
+static krb5_error_code
+parse_int32(krb5_context context, int32_t *i, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
unsigned char buf[4];
- kret = krb5_krcc_parse(context, buf, 4, bc);
- if (kret)
- return kret;
+ ret = parse(context, buf, 4, bc);
+ if (ret)
+ return ret;
*i = load_32_be(buf);
return 0;
}
-static krb5_error_code
-krb5_krcc_parse_octet(krb5_context context, krb5_octet * i, krb5_krcc_bc * bc)
+static krb5_error_code
+parse_octet(krb5_context context, krb5_octet *i, krcc_bc *bc)
{
- return krb5_krcc_parse(context, (krb5_pointer) i, 1, bc);
+ return parse(context, i, 1, bc);
}
-static krb5_error_code
-krb5_krcc_parse_addrs(krb5_context context, krb5_address *** addrs,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_addrs(krb5_context context, krb5_address ***addrs, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 length;
+ krb5_error_code ret;
+ int32_t length;
size_t msize;
- int i;
+ int i;
*addrs = 0;
/* Read the number of components */
- kret = krb5_krcc_parse_int32(context, &length, bc);
- CHECK(kret);
+ ret = parse_int32(context, &length, bc);
+ CHECK(ret);
/*
* Make *addrs able to hold length pointers to krb5_address structs
return KRB5_CC_NOMEM;
for (i = 0; i < length; i++) {
- (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+ (*addrs)[i] = malloc(sizeof(krb5_address));
if ((*addrs)[i] == NULL) {
krb5_free_addresses(context, *addrs);
return KRB5_CC_NOMEM;
}
- kret = krb5_krcc_parse_addr(context, (*addrs)[i], bc);
- CHECK(kret);
+ ret = parse_addr(context, (*addrs)[i], bc);
+ CHECK(ret);
}
- return KRB5_OK;
+ return 0;
errout:
if (*addrs)
krb5_free_addresses(context, *addrs);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_addr(krb5_context context, krb5_address * addr,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_addr(krb5_context context, krb5_address *addr, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
+ krb5_error_code ret;
+ uint16_t ui2;
+ int32_t int32;
addr->magic = KV5M_ADDRESS;
addr->contents = 0;
- kret = krb5_krcc_parse_ui_2(context, &ui2, bc);
- CHECK(kret);
+ ret = parse_uint16(context, &ui2, bc);
+ CHECK(ret);
addr->addrtype = ui2;
- kret = krb5_krcc_parse_int32(context, &int32, bc);
- CHECK(kret);
+ ret = parse_int32(context, &int32, bc);
+ CHECK(ret);
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
addr->length = int32;
if (addr->length == 0)
- return KRB5_OK;
+ return 0;
- addr->contents = (krb5_octet *) malloc(addr->length);
+ addr->contents = malloc(addr->length);
if (addr->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_krcc_parse(context, addr->contents, addr->length, bc);
- CHECK(kret);
+ ret = parse(context, addr->contents, addr->length, bc);
+ CHECK(ret);
- return KRB5_OK;
+ return 0;
errout:
if (addr->contents)
free(addr->contents);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_authdata(krb5_context context, krb5_authdata *** a,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_authdata(krb5_context context, krb5_authdata ***a, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 length;
+ krb5_error_code ret;
+ int32_t length;
size_t msize;
int i;
*a = 0;
/* Read the number of components */
- kret = krb5_krcc_parse_int32(context, &length, bc);
- CHECK(kret);
+ ret = parse_int32(context, &length, bc);
+ CHECK(ret);
if (length == 0)
- return KRB5_OK;
+ return 0;
/*
* Make *a able to hold length pointers to krb5_authdata structs
return KRB5_CC_NOMEM;
for (i = 0; i < length; i++) {
- (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ (*a)[i] = malloc(sizeof(krb5_authdata));
if ((*a)[i] == NULL) {
krb5_free_authdata(context, *a);
*a = NULL;
return KRB5_CC_NOMEM;
}
- kret = krb5_krcc_parse_authdatum(context, (*a)[i], bc);
- CHECK(kret);
+ ret = parse_authdatum(context, (*a)[i], bc);
+ CHECK(ret);
}
- return KRB5_OK;
+ return 0;
errout:
if (*a) {
krb5_free_authdata(context, *a);
*a = NULL;
}
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_authdatum(krb5_context context, krb5_authdata * a,
- krb5_krcc_bc * bc)
+static krb5_error_code
+parse_authdatum(krb5_context context, krb5_authdata *a, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 int32;
- krb5_ui_2 ui2;
+ krb5_error_code ret;
+ int32_t int32;
+ uint16_t ui2;
a->magic = KV5M_AUTHDATA;
a->contents = NULL;
- kret = krb5_krcc_parse_ui_2(context, &ui2, bc);
- CHECK(kret);
- a->ad_type = (krb5_authdatatype) ui2;
- kret = krb5_krcc_parse_int32(context, &int32, bc);
- CHECK(kret);
+ ret = parse_uint16(context, &ui2, bc);
+ CHECK(ret);
+ a->ad_type = ui2;
+ ret = parse_int32(context, &int32, bc);
+ CHECK(ret);
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
a->length = int32;
if (a->length == 0)
- return KRB5_OK;
+ return 0;
- a->contents = (krb5_octet *) malloc(a->length);
+ a->contents = malloc(a->length);
if (a->contents == NULL)
return KRB5_CC_NOMEM;
- kret = krb5_krcc_parse(context, a->contents, a->length, bc);
- CHECK(kret);
+ ret = parse(context, a->contents, a->length, bc);
+ CHECK(ret);
- return KRB5_OK;
+ return 0;
errout:
if (a->contents)
free(a->contents);
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_parse_ui_2(krb5_context context, krb5_ui_2 * i, krb5_krcc_bc * bc)
+static krb5_error_code
+parse_uint16(krb5_context context, uint16_t *i, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
unsigned char buf[2];
- kret = krb5_krcc_parse(context, buf, 2, bc);
- if (kret)
- return kret;
+ ret = parse(context, buf, 2, bc);
+ if (ret)
+ return ret;
*i = load_16_be(buf);
return 0;
}
* Errors:
* system errors
*/
-static krb5_error_code
-krb5_krcc_unparse(krb5_context context, krb5_pointer buf, unsigned int len,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse(krb5_context context, void *buf, unsigned int len, krcc_bc *bc)
{
if (bc->bpp == NULL) {
/* This is a dry run; just increase size and return. */
bc->size += len;
- return KRB5_OK;
+ return 0;
}
if (bc->bpp + len > bc->endp)
memcpy(bc->bpp, buf, len);
bc->bpp += len;
- return KRB5_OK;
+ return 0;
}
-static krb5_error_code
-krb5_krcc_unparse_principal(krb5_context context, krb5_principal princ,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_principal(krb5_context context, krb5_principal princ, krcc_bc *bc)
{
- krb5_error_code kret;
- krb5_int32 i, length, tmp, type;
+ krb5_error_code ret;
+ int32_t i, length, tmp, type;
type = princ->type;
tmp = length = princ->length;
- kret = krb5_krcc_unparse_int32(context, type, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, type, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_int32(context, tmp, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, tmp, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_krb5data(context, &princ->realm, bc);
- CHECK_OUT(kret);
+ ret = unparse_krb5data(context, &princ->realm, bc);
+ CHECK_OUT(ret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_krb5data(context, &princ->data[i], bc);
- CHECK_OUT(kret);
+ ret = unparse_krb5data(context, &princ->data[i], bc);
+ CHECK_OUT(ret);
}
- return KRB5_OK;
+ return 0;
}
-static krb5_error_code
-krb5_krcc_unparse_keyblock(krb5_context context, krb5_keyblock * keyblock,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_keyblock(krb5_context context, krb5_keyblock *keyblock, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_ui_2(context, keyblock->enctype, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_ui_4(context, keyblock->length, bc);
- CHECK_OUT(kret);
- return krb5_krcc_unparse(context, (char *) keyblock->contents,
- keyblock->length, bc);
+ ret = unparse_uint16(context, keyblock->enctype, bc);
+ CHECK_OUT(ret);
+ ret = unparse_uint32(context, keyblock->length, bc);
+ CHECK_OUT(ret);
+ return unparse(context, keyblock->contents, keyblock->length, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_times(krb5_context context, krb5_ticket_times * t,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_times(krb5_context context, krb5_ticket_times *t, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_int32(context, t->authtime, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_int32(context, t->starttime, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_int32(context, t->endtime, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_int32(context, t->renew_till, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, t->authtime, bc);
+ CHECK_OUT(ret);
+ ret = unparse_int32(context, t->starttime, bc);
+ CHECK_OUT(ret);
+ ret = unparse_int32(context, t->endtime, bc);
+ CHECK_OUT(ret);
+ ret = unparse_int32(context, t->renew_till, bc);
+ CHECK_OUT(ret);
return 0;
}
-static krb5_error_code
-krb5_krcc_unparse_krb5data(krb5_context context, krb5_data * data,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_krb5data(krb5_context context, krb5_data *data, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_ui_4(context, data->length, bc);
- CHECK_OUT(kret);
- return krb5_krcc_unparse(context, data->data, data->length, bc);
+ ret = unparse_uint32(context, data->length, bc);
+ CHECK_OUT(ret);
+ return unparse(context, data->data, data->length, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_int32(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_int32(krb5_context context, int32_t i, krcc_bc *bc)
{
- return krb5_krcc_unparse_ui_4(context, (krb5_ui_4) i, bc);
+ return unparse_uint32(context, i, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_octet(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_octet(krb5_context context, int32_t i, krcc_bc *bc)
{
- krb5_octet ibuf;
+ unsigned char ibuf = i;
- ibuf = (krb5_octet) i;
- return krb5_krcc_unparse(context, (char *) &ibuf, 1, bc);
+ return unparse(context, (char *)&ibuf, 1, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_addrs(krb5_context context, krb5_address ** addrs,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_addrs(krb5_context context, krb5_address **addrs, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
krb5_address **temp;
- krb5_int32 i, length = 0;
+ int32_t i, length = 0;
/* Count the number of components */
if (addrs) {
length += 1;
}
- kret = krb5_krcc_unparse_int32(context, length, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, length, bc);
+ CHECK_OUT(ret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_addr(context, addrs[i], bc);
- CHECK_OUT(kret);
+ ret = unparse_addr(context, addrs[i], bc);
+ CHECK_OUT(ret);
}
- return KRB5_OK;
+ return 0;
}
-static krb5_error_code
-krb5_krcc_unparse_addr(krb5_context context, krb5_address * addr,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_addr(krb5_context context, krb5_address *addr, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_ui_2(context, addr->addrtype, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_ui_4(context, addr->length, bc);
- CHECK_OUT(kret);
- return krb5_krcc_unparse(context, (char *) addr->contents,
- addr->length, bc);
+ ret = unparse_uint16(context, addr->addrtype, bc);
+ CHECK_OUT(ret);
+ ret = unparse_uint32(context, addr->length, bc);
+ CHECK_OUT(ret);
+ return unparse(context, addr->contents, addr->length, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_authdata(krb5_context context,
- krb5_authdata ** a, krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_authdata(krb5_context context, krb5_authdata **a, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
krb5_authdata **temp;
- krb5_int32 i, length = 0;
+ int32_t i, length = 0;
if (a != NULL) {
for (temp = a; *temp; temp++)
length++;
}
- kret = krb5_krcc_unparse_int32(context, length, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, length, bc);
+ CHECK_OUT(ret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_authdatum(context, a[i], bc);
- CHECK_OUT(kret);
+ ret = unparse_authdatum(context, a[i], bc);
+ CHECK_OUT(ret);
}
- return KRB5_OK;
+ return 0;
}
-static krb5_error_code
-krb5_krcc_unparse_authdatum(krb5_context context, krb5_authdata * a,
- krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_authdatum(krb5_context context, krb5_authdata *a, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_ui_2(context, a->ad_type, bc);
- CHECK_OUT(kret);
- kret = krb5_krcc_unparse_ui_4(context, a->length, bc);
- CHECK_OUT(kret);
- return krb5_krcc_unparse(context, (krb5_pointer) a->contents,
- a->length, bc);
+ ret = unparse_uint16(context, a->ad_type, bc);
+ CHECK_OUT(ret);
+ ret = unparse_uint32(context, a->length, bc);
+ CHECK_OUT(ret);
+ return unparse(context, a->contents, a->length, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_ui_4(krb5_context context, krb5_ui_4 i, krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_uint32(krb5_context context, uint32_t i, krcc_bc *bc)
{
unsigned char buf[4];
store_32_be(i, buf);
- return krb5_krcc_unparse(context, buf, 4, bc);
+ return unparse(context, buf, 4, bc);
}
-static krb5_error_code
-krb5_krcc_unparse_ui_2(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc)
+static krb5_error_code
+unparse_uint16(krb5_context context, int32_t i, krcc_bc *bc)
{
unsigned char buf[2];
store_16_be(i, buf);
- return krb5_krcc_unparse(context, buf, 2, bc);
+ return unparse(context, buf, 2, bc);
}
/*
* for storage into a keyring key entry.
* Caller is responsible for freeing returned buffer.
*/
-static krb5_error_code
-krb5_krcc_unparse_cred(krb5_context context, krb5_creds * creds,
- krb5_krcc_bc *bc)
+static krb5_error_code
+unparse_cred(krb5_context context, krb5_creds *creds, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_principal(context, creds->client, bc);
- CHECK_OUT(kret);
+ ret = unparse_principal(context, creds->client, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_principal(context, creds->server, bc);
- CHECK_OUT(kret);
+ ret = unparse_principal(context, creds->server, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_keyblock(context, &creds->keyblock, bc);
- CHECK_OUT(kret);
+ ret = unparse_keyblock(context, &creds->keyblock, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_times(context, &creds->times, bc);
- CHECK_OUT(kret);
+ ret = unparse_times(context, &creds->times, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_octet(context, (krb5_int32) creds->is_skey, bc);
- CHECK_OUT(kret);
+ ret = unparse_octet(context, creds->is_skey, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_int32(context, creds->ticket_flags, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, creds->ticket_flags, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_addrs(context, creds->addresses, bc);
- CHECK_OUT(kret);
+ ret = unparse_addrs(context, creds->addresses, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_authdata(context, creds->authdata, bc);
- CHECK_OUT(kret);
+ ret = unparse_authdata(context, creds->authdata, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_krb5data(context, &creds->ticket, bc);
- CHECK_OUT(kret);
- CHECK(kret);
+ ret = unparse_krb5data(context, &creds->ticket, bc);
+ CHECK_OUT(ret);
+ CHECK(ret);
- kret = krb5_krcc_unparse_krb5data(context, &creds->second_ticket, bc);
- CHECK_OUT(kret);
+ ret = unparse_krb5data(context, &creds->second_ticket, bc);
+ CHECK_OUT(ret);
/* Success! */
- kret = KRB5_OK;
+ ret = 0;
errout:
- return kret;
+ return ret;
}
-static krb5_error_code
-krb5_krcc_unparse_cred_alloc(krb5_context context, krb5_creds * creds,
- char **datapp, unsigned int *lenptr)
+static krb5_error_code
+unparse_cred_alloc(krb5_context context, krb5_creds *creds, char **datapp,
+ unsigned int *lenptr)
{
- krb5_error_code kret;
+ krb5_error_code ret;
char *buf = NULL;
- krb5_krcc_bc bc;
+ krcc_bc bc;
if (!creds || !datapp || !lenptr)
return EINVAL;
/* Do a dry run first to calculate the size. */
bc.bpp = bc.endp = NULL;
bc.size = 0;
- kret = krb5_krcc_unparse_cred(context, creds, &bc);
- CHECK(kret);
+ ret = unparse_cred(context, creds, &bc);
+ CHECK(ret);
if (bc.size > MAX_CRED_SIZE)
return KRB5_CC_WRITE;
return KRB5_CC_NOMEM;
bc.bpp = buf;
bc.endp = buf + bc.size;
- kret = krb5_krcc_unparse_cred(context, creds, &bc);
- CHECK(kret);
+ ret = unparse_cred(context, creds, &bc);
+ CHECK(ret);
/* Success! */
*datapp = buf;
*lenptr = bc.bpp - buf;
buf = NULL;
- kret = KRB5_OK;
+ ret = 0;
errout:
free(buf);
- return kret;
+ return ret;
}
static krb5_error_code
-krb5_krcc_parse_index(krb5_context context, krb5_int32 *version,
- char **primary, void *payload, int psize)
+parse_index(krb5_context context, int32_t *version, char **primary,
+ void *payload, int psize)
{
- krb5_error_code kret;
- krb5_krcc_bc bc;
+ krb5_error_code ret;
+ krcc_bc bc;
krb5_data data;
bc.bpp = payload;
bc.endp = bc.bpp + psize;
- kret = krb5_krcc_parse_int32(context, version, &bc);
- CHECK_OUT(kret);
+ ret = parse_int32(context, version, &bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_parse_krb5data(context, &data, &bc);
- CHECK_OUT(kret);
+ ret = parse_krb5data(context, &data, &bc);
+ CHECK_OUT(ret);
*primary = (char *)data.data;
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_krcc_unparse_index_internal(krb5_context context, krb5_int32 version,
- const char *primary, krb5_krcc_bc *bc)
+unparse_index_internal(krb5_context context, int32_t version,
+ const char *primary, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
krb5_data data;
data.length = strlen(primary) + 1;
data.data = (void *)primary;
- kret = krb5_krcc_unparse_int32(context, version, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, version, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_krb5data(context, &data, bc);
- CHECK_OUT(kret);
+ ret = unparse_krb5data(context, &data, bc);
+ CHECK_OUT(ret);
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_krcc_unparse_index(krb5_context context, krb5_int32 version,
- const char *primary, void **datapp, int *lenptr)
+unparse_index(krb5_context context, int32_t version, const char *primary,
+ void **datapp, int *lenptr)
{
- krb5_error_code kret;
- krb5_krcc_bc bc;
+ krb5_error_code ret;
+ krcc_bc bc;
char *buf;
if (!primary || !datapp || !lenptr)
/* Do a dry run first to calculate the size. */
bc.bpp = bc.endp = NULL;
bc.size = 0;
- kret = krb5_krcc_unparse_index_internal(context, version, primary, &bc);
- CHECK_OUT(kret);
+ ret = unparse_index_internal(context, version, primary, &bc);
+ CHECK_OUT(ret);
buf = malloc(bc.size);
if (buf == NULL)
bc.bpp = buf;
bc.endp = buf + bc.size;
- kret = krb5_krcc_unparse_index_internal(context, version, primary, &bc);
- CHECK(kret);
+ ret = unparse_index_internal(context, version, primary, &bc);
+ CHECK(ret);
/* Success! */
*datapp = buf;
*lenptr = bc.bpp - buf;
- kret = KRB5_OK;
+ ret = 0;
errout:
- if (kret)
+ if (ret)
free(buf);
- return kret;
+ return ret;
}
static krb5_error_code
-krb5_krcc_parse_offsets(krb5_context context, krb5_int32 *time_offset,
- krb5_int32 *usec_offset, void *payload, int psize)
+parse_offsets(krb5_context context, int32_t *time_offset, int32_t *usec_offset,
+ void *payload, int psize)
{
- krb5_error_code kret;
- krb5_krcc_bc bc;
+ krb5_error_code ret;
+ krcc_bc bc;
bc.bpp = payload;
bc.endp = bc.bpp + psize;
- kret = krb5_krcc_parse_int32(context, time_offset, &bc);
- CHECK_OUT(kret);
+ ret = parse_int32(context, time_offset, &bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_parse_int32(context, usec_offset, &bc);
- CHECK_OUT(kret);
+ ret = parse_int32(context, usec_offset, &bc);
+ CHECK_OUT(ret);
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_krcc_unparse_offsets_internal(krb5_context context,
- krb5_int32 time_offset,
- krb5_int32 usec_offset,
- krb5_krcc_bc *bc)
+unparse_offsets_internal(krb5_context context, int32_t time_offset,
+ int32_t usec_offset, krcc_bc *bc)
{
- krb5_error_code kret;
+ krb5_error_code ret;
- kret = krb5_krcc_unparse_int32(context, time_offset, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, time_offset, bc);
+ CHECK_OUT(ret);
- kret = krb5_krcc_unparse_int32(context, usec_offset, bc);
- CHECK_OUT(kret);
+ ret = unparse_int32(context, usec_offset, bc);
+ CHECK_OUT(ret);
- return KRB5_OK;
+ return 0;
}
static krb5_error_code
-krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset,
- krb5_int32 usec_offset, void **datapp, int *lenptr)
+unparse_offsets(krb5_context context, int32_t time_offset, int32_t usec_offset,
+ void **datapp, int *lenptr)
{
- krb5_error_code kret;
- krb5_krcc_bc bc;
+ krb5_error_code ret;
+ krcc_bc bc;
char *buf;
if (!datapp || !lenptr)
/* Do a dry run first to calculate the size. */
bc.bpp = bc.endp = NULL;
bc.size = 0;
- kret = krb5_krcc_unparse_offsets_internal(context, time_offset,
- usec_offset, &bc);
- CHECK_OUT(kret);
+ ret = unparse_offsets_internal(context, time_offset, usec_offset, &bc);
+ CHECK_OUT(ret);
buf = malloc(bc.size);
if (buf == NULL)
bc.bpp = buf;
bc.endp = buf + bc.size;
- kret = krb5_krcc_unparse_offsets_internal(context, time_offset,
- usec_offset, &bc);
- CHECK(kret);
+ ret = unparse_offsets_internal(context, time_offset, usec_offset, &bc);
+ CHECK(ret);
/* Success! */
*datapp = buf;
*lenptr = bc.bpp - buf;
- kret = KRB5_OK;
+ ret = 0;
errout:
- if (kret)
+ if (ret)
free(buf);
- return kret;
+ return ret;
}
/*
- * Utility routine: called by krb5_krcc_* functions to keep
- * result of krb5_krcc_last_change_time up to date.
+ * Utility routine: called by krcc_* functions to keep
+ * result of krcc_last_change_time up to date.
* Value monotonically increases -- based on but not guaranteed to be actual
* system time.
*/
static void
-krb5_krcc_update_change_time(krb5_krcc_data *d)
+krcc_update_change_time(krcc_data *data)
{
krb5_timestamp now_time = time(NULL);
- d->changetime = (d->changetime >= now_time) ?
- d->changetime + 1 : now_time;
+ data->changetime = (data->changetime >= now_time) ?
+ data->changetime + 1 : now_time;
}
-
/*
* ccache implementation storing credentials in the Linux keyring facility
* The default is to put them at the session keyring level.
const krb5_cc_ops krb5_krcc_ops = {
0,
"KEYRING",
- krb5_krcc_get_name,
- krb5_krcc_resolve,
- krb5_krcc_generate_new,
- krb5_krcc_initialize,
- krb5_krcc_destroy,
- krb5_krcc_close,
- krb5_krcc_store,
- krb5_krcc_retrieve,
- krb5_krcc_get_principal,
- krb5_krcc_start_seq_get,
- krb5_krcc_next_cred,
- krb5_krcc_end_seq_get,
- krb5_krcc_remove_cred,
- krb5_krcc_set_flags,
- krb5_krcc_get_flags, /* added after 1.4 release */
- krb5_krcc_ptcursor_new,
- krb5_krcc_ptcursor_next,
- krb5_krcc_ptcursor_free,
+ krcc_get_name,
+ krcc_resolve,
+ krcc_generate_new,
+ krcc_initialize,
+ krcc_destroy,
+ krcc_close,
+ krcc_store,
+ krcc_retrieve,
+ krcc_get_principal,
+ krcc_start_seq_get,
+ krcc_next_cred,
+ krcc_end_seq_get,
+ krcc_remove_cred,
+ krcc_set_flags,
+ krcc_get_flags, /* added after 1.4 release */
+ krcc_ptcursor_new,
+ krcc_ptcursor_next,
+ krcc_ptcursor_free,
NULL, /* move */
- krb5_krcc_last_change_time, /* lastchange */
+ krcc_last_change_time, /* lastchange */
NULL, /* wasdefault */
- krb5_krcc_lock,
- krb5_krcc_unlock,
- krb5_krcc_switch_to,
+ krcc_lock,
+ krcc_unlock,
+ krcc_switch_to,
};
#else /* !USE_KEYRING_CCACHE */
projects / thirdparty / krb5.git / commitdiff
