oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

First implementation.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22804 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-04-07 11:45:23 +00:00
parent 4f875a4a85
commit f942098565
1 changed files with 592 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

592
lib/krb5/scache.c Normal file
View File

@@ -0,0 +1,592 @@
/*
* Copyright (c) 2008 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "krb5_locl.h"
#include "sqlite3.h"
RCSID("$Id$");
typedef struct krb5_scache {
char *name;
char *file;
sqlite3 *db;
int cid;
/* */
HEIMDAL_MUTEX imutex;
sqlite3_stmt *icred;
sqlite3_stmt *iprincipal;
sqlite3_stmt *icache;
sqlite3_stmt *ucachep;
sqlite3_stmt *scache;
} krb5_scache;
#define SCACHE(X) ((krb5_scache *)(X)->data.data)
#define DEFAULT_SCACHE "/tmp/scache-foo" /* XXX */
#define SCACHE_STRINIFY(x) #x
#define SCACHE_DEF_CID 0
#define SCACHE_DEF_CID_NAME SCACHE_STRINIFY(SCACHE_DEF_CID)
/*
*
*/
#define SQL_CMASTER "" \
"CREATE TABLE master (" \
"version INTEGER NOT NULL," \
"defaultcache INTEGER NOT NULL" \
")"
#define SQL_SETUP_MASTER "INSERT INTO master VALUES(1, " SCACHE_DEF_CID_NAME ")"
#define SQL_CCACHE "" \
"CREATE TABLE caches (" \
"principal TEXT," \
"name TEXT NOT NULL" \
")"
#define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
#define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
#define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
#define SQL_CCREDS "" \
"CREATE TABLE credentials (" \
"cid INTEGER NOT NULL" \
"kvno INTEGER NOT NULL," \
"etype INTEGER NOT NULL," \
"cred BLOB NOT NULL" \
")"
#define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred) VALUES (?,?,?,?)"
#define SQL_CPRINCIPALS "" \
"CREATE TABLE principals (" \
"principal TEXT NOT NULL," \
"type INTEGER NOT NULL," \
"credential_id INTEGER NOT NULL" \
")"
#define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
/*
* sqlite destructors
*/
static void
free_data(void *data)
{
free(data);
}
static void
free_krb5(void *str)
{
krb5_xfree(str);
}
/*
*/
static const char*
scc_get_name(krb5_context context,
krb5_ccache id)
{
return SCACHE(id)->name;
}
static krb5_scache *
scc_alloc(const char *name)
{
krb5_scache *s;
ALLOC(s, 1);
if(s == NULL)
return NULL;
/* XXX resolve name */
s->cid = SCACHE_DEF_CID;
s->file = DEFAULT_SCACHE;
s->name = SCACHE_DEF_CID_NAME;
HEIMDAL_MUTEX_init(&s->imutex);
return s;
}
static krb5_error_code
make_database(krb5_context context, krb5_scache *s, int create)
{
int ret;
int flags = SQLITE_OPEN_READWRITE;
if (s->db)
return 0;
if (create)
flags |= SQLITE_OPEN_CREATE;
ret = sqlite3_open_v2(s->file, &s->db, flags, NULL);
if (ret) {
if (s->db) {
krb5_set_error_string(context, "Error opening scache file %s: %s",
s->file, sqlite3_errmsg(s->db));
sqlite3_close(s->db);
s->db = NULL;
} else
krb5_set_error_string(context, "out of memory");
return ENOENT;
}
sqlite3_prepare_v2(s->db, SQL_ICRED, -1, &s->icred, NULL);
sqlite3_prepare_v2(s->db, SQL_IPRINCIPAL, -1, &s->iprincipal, NULL);
sqlite3_prepare_v2(s->db, SQL_ICACHE, -1, &s->icache, NULL);
sqlite3_prepare_v2(s->db, SQL_UCACHE_PRINCIPAL, -1, &s->ucachep, NULL);
sqlite3_prepare_v2(s->db, SQL_SCACHE, -1, &s->scache, NULL);
if (create) {
sqlite3_exec(s->db, SQL_CMASTER, NULL, NULL, NULL);
sqlite3_exec(s->db, SQL_CCACHE, NULL, NULL, NULL);
sqlite3_exec(s->db, SQL_CCREDS, NULL, NULL, NULL);
sqlite3_exec(s->db, SQL_CPRINCIPALS, NULL, NULL, NULL);
sqlite3_exec(s->db, SQL_SETUP_MASTER, NULL, NULL, NULL);
sqlite3_bind_text(s->icache, 1, s->name, -1, free_data);
if (sqlite3_step(s->icred) != SQLITE_DONE)
goto end;
sqlite3_reset(s->icred);
}
return 0;
end:
if (s->db)
sqlite3_close(s->db);
if (create)
unlink(s->file);
krb5_clear_error_string(context);
return ENOENT;
}
#if 0
create_tabels(void)
{
}
#endif
static krb5_error_code
scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
krb5_scache *s;
s = scc_alloc(res);
if (s == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
(*id)->data.data = s;
(*id)->data.length = sizeof(*s);
return 0;
}
static krb5_error_code
scc_gen_new(krb5_context context, krb5_ccache *id)
{
krb5_scache *s;
s = scc_alloc(NULL);
if (s == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
(*id)->data.data = s;
(*id)->data.length = sizeof(*s);
return 0;
}
static krb5_error_code
scc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
krb5_scache *s = SCACHE(id);
krb5_error_code ret;
char *str;
ret = make_database(context, s, 1);
if (ret)
return ret;
ret = krb5_unparse_name(context, primary_principal, &str);
if (ret)
return ret;
sqlite3_bind_text(s->ucachep, 1, str, -1, free_krb5);
sqlite3_bind_int(s->ucachep, 2, s->cid);
if (sqlite3_step(s->ucachep) != SQLITE_DONE)
ret = EPERM; /* XXX */
sqlite3_reset(s->ucachep);
return ret;
}
static krb5_error_code
scc_close(krb5_context context,
krb5_ccache id)
{
krb5_data_free(&id->data);
return 0;
}
static krb5_error_code
scc_destroy(krb5_context context,
krb5_ccache id)
{
scc_close(context, id);
return 0;
}
static krb5_error_code
encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_store_creds(sp, creds);
if (ret) {
krb5_set_error_string(context, "Failed to store credential");
krb5_storage_free(sp);
return ret;
}
ret = krb5_storage_to_data(sp, data);
krb5_storage_free(sp);
if (ret)
krb5_set_error_string(context, "Failed to encode credential");
return ret;
}
static krb5_error_code
scc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
unsigned long long credid;
krb5_scache *s = SCACHE(id);
krb5_error_code ret;
krb5_data data;
char *str;
ret = make_database(context, s, 0);
if (ret)
return ret;
ret = encode_creds(context, creds, &data);
if (ret)
return ret;
{
int kvno = 0;
Ticket t;
size_t len;
ret = decode_Ticket(creds->ticket.data,
creds->ticket.length, &t, &len);
if (ret) {
krb5_set_error_string(context, "Failed to decode ticket");
return ret;
}
if(t.enc_part.kvno)
kvno = *t.enc_part.kvno;
sqlite3_bind_int(s->icred, 1, kvno);
sqlite3_bind_int(s->icred, 2, t.enc_part.etype);
free_Ticket(&t);
}
sqlite3_bind_blob(s->icred, 3, data.data, data.length, free_data);
sqlite3_exec(s->db, "BEGIN TRANSACTION", NULL, NULL, NULL);
if (sqlite3_step(s->icred) != SQLITE_DONE)
goto rollback;
sqlite3_reset(s->icred);
credid = sqlite3_last_insert_rowid(s->db);
{
krb5_unparse_name(context, creds->server, &str);
sqlite3_bind_text(s->iprincipal, 1, str, -1, free_krb5);
sqlite3_bind_int(s->iprincipal, 2, 1);
sqlite3_bind_int(s->iprincipal, 3, credid);
if (sqlite3_step(s->icred) != SQLITE_DONE)
goto rollback;
sqlite3_reset(s->icred);
}
{
krb5_unparse_name(context, creds->client, &str);
sqlite3_bind_text(s->iprincipal, 1, str, -1, free_krb5);
sqlite3_bind_int(s->iprincipal, 2, 0);
sqlite3_bind_int(s->iprincipal, 3, credid);
if (sqlite3_step(s->icred) != SQLITE_DONE)
goto rollback;
sqlite3_reset(s->icred);
}
sqlite3_exec(s->db, "END TRANSACTION", NULL, NULL, NULL);
return 0;
rollback:
sqlite3_exec(s->db, "ROLLBACK", NULL, NULL, NULL);
return ret;
}
static krb5_error_code
scc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
{
krb5_scache *s = SCACHE(id);
krb5_error_code ret;
const char *str;
*principal = NULL;
ret = make_database(context, s, 0);
if (ret)
return ret;
sqlite3_bind_int(s->scache, 1, s->cid);
if (sqlite3_step(s->scache) != SQLITE_DONE) {
sqlite3_reset(s->scache);
krb5_clear_error_string(context);
return ENOENT;
}
if (sqlite3_column_type(s->scache, 2) == SQLITE_TEXT) {
sqlite3_reset(s->scache);
krb5_clear_error_string(context);
return ENOENT;
}
str = (const char *)sqlite3_column_text(s->scache, 2);
if (str == NULL) {
sqlite3_reset(s->scache);
krb5_clear_error_string(context);
return ENOENT;
}
ret = krb5_parse_name(context, str, principal);
sqlite3_reset(s->scache);
return ret;
}
static krb5_error_code
scc_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_scache *s = SCACHE(id);
krb5_error_code ret;
ret = make_database(context, s, 0);
if (ret)
return ret;
krb5_clear_error_string(context);
return KRB5_CC_END;
}
static krb5_error_code
scc_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_clear_error_string(context);
return KRB5_CC_END;
}
static krb5_error_code
scc_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
return 0;
}
static krb5_error_code
scc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
krb5_creds *mcreds)
{
krb5_scache *s = SCACHE(id);
krb5_error_code ret;
ret = make_database(context, s, 0);
if (ret)
return ret;
return 0;
}
static krb5_error_code
scc_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
{
return 0; /* XXX */
}
static krb5_error_code
scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
{
krb5_clear_error_string(context);
return KRB5_CC_END;
}
static krb5_error_code
scc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
{
krb5_clear_error_string(context);
return KRB5_CC_END;
}
static krb5_error_code
scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
{
return 0;
}
static krb5_error_code
scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_scache *sfrom = SCACHE(from);
krb5_scache *sto = SCACHE(to);
krb5_error_code ret;
ret = make_database(context, sfrom, 0);
if (ret)
return ret;
ret = make_database(context, sto, 1);
if (ret)
return ret;
return 0;
}
static krb5_error_code
scc_default_name(krb5_context context, char **str)
{
asprintf(str, "SCACHE:%s:%s", DEFAULT_SCACHE, SCACHE_DEF_CID_NAME);
if (*str == NULL) {
krb5_set_error_string(context, "out of memory");
return ENOMEM;
}
return 0;
}
/**
* Variable containing the SCACHE based credential cache implemention.
*
* @ingroup krb5_ccache
*/
const krb5_cc_ops krb5_scc_ops = {
"SCACHE",
scc_get_name,
scc_resolve,
scc_gen_new,
scc_initialize,
scc_destroy,
scc_close,
scc_store_cred,
NULL, /* scc_retrieve */
scc_get_principal,
scc_get_first,
scc_get_next,
scc_end_get,
scc_remove_cred,
scc_set_flags,
NULL,
scc_get_cache_first,
scc_get_cache_next,
scc_end_cache_get,
scc_move,
scc_default_name
};