acache.c

samba最新软件

}

static krb5_error_code
acc_gen_new(krb5_context context, krb5_ccache *id)
{
    krb5_error_code ret;
    krb5_acc *a;

    ret = acc_alloc(context, id);
    if (ret)
	return ret;

    a = ACACHE(*id);

    a->ccache = NULL;
    a->cache_name = NULL;

    return 0;
}

static krb5_error_code
acc_initialize(krb5_context context,
	       krb5_ccache id,
	       krb5_principal primary_principal)
{
    krb5_acc *a = ACACHE(id);
    krb5_error_code ret;
    int32_t error;
    char *name;

    ret = krb5_unparse_name(context, primary_principal, &name);
    if (ret)
	return ret;

    if (a->cache_name == NULL) {
	error = (*a->context->func->create_new_ccache)(a->context,
						       cc_credentials_v5,
						       name,
						       &a->ccache);
	free(name);
	if (error == ccNoError)
	    error = get_cc_name(a);
    } else {
	cc_credentials_iterator_t iter;
	cc_credentials_t ccred;

	error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
	if (error) {
	    free(name);
	    return translate_cc_error(context, error);
	}

	while (1) {
	    error = (*iter->func->next)(iter, &ccred);
	    if (error)
		break;
	    (*a->ccache->func->remove_credentials)(a->ccache, ccred);
	    (*ccred->func->release)(ccred);
	}
	(*iter->func->release)(iter);

	error = (*a->ccache->func->set_principal)(a->ccache,
						  cc_credentials_v5,
						  name);
    }

    return translate_cc_error(context, error);
}

static krb5_error_code
acc_close(krb5_context context,
	  krb5_ccache id)
{
    krb5_acc *a = ACACHE(id);

    if (a->ccache) {
	(*a->ccache->func->release)(a->ccache);
	a->ccache = NULL;
    }
    if (a->cache_name) {
	free(a->cache_name);
	a->cache_name = NULL;
    }
    (*a->context->func->release)(a->context);
    a->context = NULL;
    krb5_data_free(&id->data);
    return 0;
}

static krb5_error_code
acc_destroy(krb5_context context,
	    krb5_ccache id)
{
    krb5_acc *a = ACACHE(id);
    cc_int32 error = 0;

    if (a->ccache) {
	error = (*a->ccache->func->destroy)(a->ccache);
	a->ccache = NULL;
    }
    if (a->context) {
	error = (a->context->func->release)(a->context);
	a->context = NULL;
    }
    return translate_cc_error(context, error);
}

static krb5_error_code
acc_store_cred(krb5_context context,
	       krb5_ccache id,
	       krb5_creds *creds)
{
    krb5_acc *a = ACACHE(id);
    cc_credentials_union cred;
    cc_credentials_v5_t v5cred;
    krb5_error_code ret;
    cc_int32 error;
    
    if (a->ccache == NULL) {
	krb5_set_error_string(context, "No API credential found");
	return KRB5_CC_NOTFOUND;
    }

    cred.version = cc_credentials_v5;
    cred.credentials.credentials_v5 = &v5cred;

    ret = make_ccred_from_cred(context, 
			       creds,
			       &v5cred);
    if (ret)
	return ret;

    error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
    if (error)
	ret = translate_cc_error(context, error);

    free_ccred(&v5cred);

    return ret;
}

static krb5_error_code
acc_get_principal(krb5_context context,
		  krb5_ccache id,
		  krb5_principal *principal)
{
    krb5_acc *a = ACACHE(id);
    krb5_error_code ret;
    int32_t error;
    cc_string_t name;

    if (a->ccache == NULL) {
	krb5_set_error_string(context, "No API credential found");
	return KRB5_CC_NOTFOUND;
    }

    error = (*a->ccache->func->get_principal)(a->ccache,
					      cc_credentials_v5,
					      &name);
    if (error)
	return translate_cc_error(context, error);
    
    ret = krb5_parse_name(context, name->data, principal);
    
    (*name->func->release)(name);
    return ret;
}

static krb5_error_code
acc_get_first (krb5_context context,
	       krb5_ccache id,
	       krb5_cc_cursor *cursor)
{
    cc_credentials_iterator_t iter;
    krb5_acc *a = ACACHE(id);
    int32_t error;
    
    if (a->ccache == NULL) {
	krb5_set_error_string(context, "No API credential found");
	return KRB5_CC_NOTFOUND;
    }

    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
    if (error) {
	krb5_clear_error_string(context);
	return ENOENT;
    }
    *cursor = iter;
    return 0;
}


static krb5_error_code
acc_get_next (krb5_context context,
	      krb5_ccache id,
	      krb5_cc_cursor *cursor,
	      krb5_creds *creds)
{
    cc_credentials_iterator_t iter = *cursor;
    cc_credentials_t cred;
    krb5_error_code ret;
    int32_t error;

    while (1) {
	error = (*iter->func->next)(iter, &cred);
	if (error)
	    return translate_cc_error(context, error);
	if (cred->data->version == cc_credentials_v5)
	    break;
	(*cred->func->release)(cred);
    }

    ret = make_cred_from_ccred(context, 
			       cred->data->credentials.credentials_v5,
			       creds);
    (*cred->func->release)(cred);
    return ret;
}

static krb5_error_code
acc_end_get (krb5_context context,
	     krb5_ccache id,
	     krb5_cc_cursor *cursor)
{
    cc_credentials_iterator_t iter = *cursor;
    (*iter->func->release)(iter);
    return 0;
}

static krb5_error_code
acc_remove_cred(krb5_context context,
		krb5_ccache id,
		krb5_flags which,
		krb5_creds *cred)
{
    cc_credentials_iterator_t iter;
    krb5_acc *a = ACACHE(id);
    cc_credentials_t ccred;
    krb5_error_code ret;
    cc_int32 error;
    char *client, *server;
    
    if (a->ccache == NULL) {
	krb5_set_error_string(context, "No API credential found");
	return KRB5_CC_NOTFOUND;
    }

    if (cred->client) {
	ret = krb5_unparse_name(context, cred->client, &client);
	if (ret)
	    return ret;
    } else
	client = NULL;

    ret = krb5_unparse_name(context, cred->server, &server);
    if (ret) {
	free(client);
	return ret;
    }

    error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter);
    if (error) {
	free(server);
	free(client);
	return translate_cc_error(context, error);
    }

    ret = KRB5_CC_NOTFOUND;
    while (1) {
	cc_credentials_v5_t *v5cred;

	error = (*iter->func->next)(iter, &ccred);
	if (error)
	    break;

	if (ccred->data->version != cc_credentials_v5)
	    goto next;

	v5cred = ccred->data->credentials.credentials_v5;

	if (client && strcmp(v5cred->client, client) != 0)
	    goto next;

	if (strcmp(v5cred->server, server) != 0)
	    goto next;

	(*a->ccache->func->remove_credentials)(a->ccache, ccred);
	ret = 0;
    next:
	(*ccred->func->release)(ccred);
    }

    (*iter->func->release)(iter);

    if (ret)
	krb5_set_error_string(context, "Can't find credential %s in cache", 
			      server);
    free(server);
    free(client);

    return ret;
}

static krb5_error_code
acc_set_flags(krb5_context context,
	      krb5_ccache id,
	      krb5_flags flags)
{
    return 0;
}

static krb5_error_code
acc_get_version(krb5_context context,
		krb5_ccache id)
{
    return 0;
}
		    
struct cache_iter {
    cc_context_t context;
    cc_ccache_iterator_t iter;
};

static krb5_error_code
acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
{
    struct cache_iter *iter;
    krb5_error_code ret;
    cc_int32 error;

    ret = init_ccapi(context);
    if (ret)
	return ret;

    iter = calloc(1, sizeof(*iter));
    if (iter == NULL) {
	krb5_set_error_string(context, "malloc - out of memory");
	return ENOMEM;
    }

    error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL);
    if (error) {
	free(iter);
	return translate_cc_error(context, error);
    }

    error = (*iter->context->func->new_ccache_iterator)(iter->context,
							&iter->iter);
    if (error) {
	free(iter);
	krb5_clear_error_string(context);
	return ENOENT;
    }
    *cursor = iter;
    return 0;
}

static krb5_error_code
acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
{
    struct cache_iter *iter = cursor;
    cc_ccache_t cache;
    krb5_acc *a;
    krb5_error_code ret;
    int32_t error;

    error = (*iter->iter->func->next)(iter->iter, &cache);
    if (error)
	return translate_cc_error(context, error);

    ret = _krb5_cc_allocate(context, &krb5_acc_ops, id);
    if (ret) {
	(*cache->func->release)(cache);
	return ret;
    }

    ret = acc_alloc(context, id);
    if (ret) {
	(*cache->func->release)(cache);
	free(*id);
	return ret;
    }

    a = ACACHE(*id);
    a->ccache = cache;

    error = get_cc_name(a);
    if (error) {
	acc_close(context, *id);
	*id = NULL;
	return translate_cc_error(context, error);
    }	
    return 0;
}

static krb5_error_code
acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
{
    struct cache_iter *iter = cursor;

    (*iter->iter->func->release)(iter->iter);
    iter->iter = NULL;
    (*iter->context->func->release)(iter->context);
    iter->context = NULL;
    free(iter);
    return 0;
}

static krb5_error_code
acc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
    krb5_acc *afrom = ACACHE(from);
    krb5_acc *ato = ACACHE(to);
    int32_t error;

    if (ato->ccache == NULL) {
	cc_string_t name;

	error = (*afrom->ccache->func->get_principal)(afrom->ccache,
						      cc_credentials_v5,
						      &name);
	if (error)
	    return translate_cc_error(context, error);
    
	error = (*ato->context->func->create_new_ccache)(ato->context,
							 cc_credentials_v5,
							 name->data,
							 &ato->ccache);
	(*name->func->release)(name);
	if (error)
	    return translate_cc_error(context, error);
    }


    error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache);
    return translate_cc_error(context, error);
}

static krb5_error_code
acc_default_name(krb5_context context, char **str)
{
    krb5_error_code ret;
    cc_context_t cc;
    cc_string_t name;
    int32_t error;

    ret = init_ccapi(context);
    if (ret)
	return ret;

    error = (*init_func)(&cc, ccapi_version_3, NULL, NULL);
    if (error)
	return translate_cc_error(context, error);

    error = (*cc->func->get_default_ccache_name)(cc, &name);
    if (error) {
	(*cc->func->release)(cc);
	return translate_cc_error(context, error);
    }
	
    asprintf(str, "API:%s", name->data);
    (*name->func->release)(name);
    (*cc->func->release)(cc);

    if (*str == NULL) {
	krb5_set_error_string(context, "out of memory");
	return ENOMEM;
    }
    return 0;
}


/**
 * Variable containing the API based credential cache implemention.
 *
 * @ingroup krb5_ccache
 */

const krb5_cc_ops krb5_acc_ops = {
    "API",
    acc_get_name,
    acc_resolve,
    acc_gen_new,
    acc_initialize,
    acc_destroy,
    acc_close,
    acc_store_cred,
    NULL, /* acc_retrieve */
    acc_get_principal,
    acc_get_first,
    acc_get_next,
    acc_end_get,
    acc_remove_cred,
    acc_set_flags,
    acc_get_version,
    acc_get_cache_first,
    acc_get_cache_next,
    acc_end_cache_get,
    acc_move,
    acc_default_name
};