2 * Copyright (c) 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
40 typedef struct krb5_scache {
49 sqlite3_stmt *iprincipal;
52 sqlite3_stmt *ucachen;
53 sqlite3_stmt *ucachep;
56 sqlite3_stmt *scache_name;
57 sqlite3_stmt *umaster;
61 #define SCACHE(X) ((krb5_scache *)(X)->data.data)
63 #define SCACHE_DEF_NAME "Default-cache"
64 #ifdef KRB5_USE_PATH_TOKENS
65 #define KRB5_SCACHE_DB "%{TEMP}/krb5scc_%{uid}"
67 #define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}"
69 #define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB
71 #define SCACHE_INVALID_CID ((sqlite_uint64)-1)
77 #define SQL_CMASTER "" \
78 "CREATE TABLE master (" \
79 "oid INTEGER PRIMARY KEY," \
80 "version INTEGER NOT NULL," \
81 "defaultcache TEXT NOT NULL" \
84 #define SQL_SETUP_MASTER \
85 "INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")"
86 #define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2"
88 #define SQL_CCACHE "" \
89 "CREATE TABLE caches (" \
90 "oid INTEGER PRIMARY KEY," \
92 "name TEXT NOT NULL" \
95 #define SQL_TCACHE "" \
96 "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \
97 "FOR EACH ROW BEGIN " \
98 "DELETE FROM credentials WHERE cid=old.oid;" \
101 #define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)"
102 #define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?"
103 #define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?"
104 #define SQL_DCACHE "DELETE FROM caches WHERE OID=?"
105 #define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?"
106 #define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?"
108 #define SQL_CCREDS "" \
109 "CREATE TABLE credentials (" \
110 "oid INTEGER PRIMARY KEY," \
111 "cid INTEGER NOT NULL," \
112 "kvno INTEGER NOT NULL," \
113 "etype INTEGER NOT NULL," \
114 "created_at INTEGER NOT NULL," \
115 "cred BLOB NOT NULL" \
118 #define SQL_TCRED "" \
119 "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \
120 "FOR EACH ROW BEGIN " \
121 "DELETE FROM principals WHERE credential_id=old.oid;" \
124 #define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)"
125 #define SQL_DCRED "DELETE FROM credentials WHERE cid=?"
127 #define SQL_CPRINCIPALS "" \
128 "CREATE TABLE principals (" \
129 "oid INTEGER PRIMARY KEY," \
130 "principal TEXT NOT NULL," \
131 "type INTEGER NOT NULL," \
132 "credential_id INTEGER NOT NULL" \
135 #define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)"
142 free_data(void *data)
154 scc_free(krb5_scache *s)
162 sqlite3_finalize(s->icred);
164 sqlite3_finalize(s->dcred);
166 sqlite3_finalize(s->iprincipal);
168 sqlite3_finalize(s->icache);
170 sqlite3_finalize(s->ucachen);
172 sqlite3_finalize(s->ucachep);
174 sqlite3_finalize(s->dcache);
176 sqlite3_finalize(s->scache);
178 sqlite3_finalize(s->scache_name);
180 sqlite3_finalize(s->umaster);
183 sqlite3_close(s->db);
189 trace(void* ptr, const char * str)
191 printf("SQL: %s\n", str);
195 static krb5_error_code
196 prepare_stmt(krb5_context context, sqlite3 *db,
197 sqlite3_stmt **stmt, const char *str)
201 ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
202 if (ret != SQLITE_OK) {
203 krb5_set_error_message(context, ENOENT,
204 N_("Failed to prepare stmt %s: %s", ""),
205 str, sqlite3_errmsg(db));
211 static krb5_error_code
212 exec_stmt(krb5_context context, sqlite3 *db, const char *str,
213 krb5_error_code code)
217 ret = sqlite3_exec(db, str, NULL, NULL, NULL);
218 if (ret != SQLITE_OK && code) {
219 krb5_set_error_message(context, code,
220 N_("scache execute %s: %s", ""), str,
227 static krb5_error_code
228 default_db(krb5_context context, sqlite3 **db)
233 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name);
237 ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL);
239 if (ret != SQLITE_OK) {
240 krb5_clear_error_message(context);
245 sqlite3_trace(*db, trace, NULL);
251 static krb5_error_code
252 get_def_name(krb5_context context, char **str)
259 ret = default_db(context, &db);
263 ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master");
269 ret = sqlite3_step(stmt);
270 if (ret != SQLITE_ROW)
273 if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT)
276 name = (const char *)sqlite3_column_text(stmt, 0);
284 sqlite3_finalize(stmt);
288 sqlite3_finalize(stmt);
290 krb5_clear_error_message(context);
296 static krb5_scache * KRB5_CALLCONV
297 scc_alloc(krb5_context context, const char *name)
306 s->cid = SCACHE_INVALID_CID;
313 ret = get_def_name(context, &s->name);
315 s->name = strdup(SCACHE_DEF_NAME);
317 s->name = strdup(name);
319 file = strrchr(s->name, ':');
322 s->file = strdup(file);
325 ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
328 _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file);
329 ret = asprintf(&s->name, "unique-%p", s);
331 if (ret < 0 || s->file == NULL || s->name == NULL) {
339 static krb5_error_code
340 open_database(krb5_context context, krb5_scache *s, int flags)
344 ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
347 krb5_set_error_message(context, ENOENT,
348 N_("Error opening scache file %s: %s", ""),
349 s->file, sqlite3_errmsg(s->db));
350 sqlite3_close(s->db);
353 krb5_set_error_message(context, ENOENT,
354 N_("malloc: out of memory", ""));
360 static krb5_error_code
361 create_cache(krb5_context context, krb5_scache *s)
365 sqlite3_bind_text(s->icache, 1, s->name, -1, NULL);
367 ret = sqlite3_step(s->icache);
368 } while (ret == SQLITE_ROW);
369 if (ret != SQLITE_DONE) {
370 krb5_set_error_message(context, KRB5_CC_IO,
371 N_("Failed to add scache: %d", ""), ret);
374 sqlite3_reset(s->icache);
376 s->cid = sqlite3_last_insert_rowid(s->db);
381 static krb5_error_code
382 make_database(krb5_context context, krb5_scache *s)
384 int created_file = 0;
390 ret = open_database(context, s, 0);
392 mode_t oldumask = umask(077);
393 ret = open_database(context, s, SQLITE_OPEN_CREATE);
399 ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO);
401 ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO);
403 ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO);
405 ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO);
407 ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO);
410 ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO);
412 ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO);
417 sqlite3_trace(s->db, trace, NULL);
420 ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED);
422 ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED);
424 ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL);
426 ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE);
428 ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME);
430 ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL);
432 ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE);
434 ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE);
436 ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME);
438 ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER);
445 sqlite3_close(s->db);
452 static krb5_error_code
453 bind_principal(krb5_context context,
457 krb5_const_principal principal)
462 ret = krb5_unparse_name(context, principal, &str);
466 ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5);
467 if (ret != SQLITE_OK) {
469 krb5_set_error_message(context, ENOMEM,
470 N_("scache bind principal: %s", ""),
481 static const char* KRB5_CALLCONV
482 scc_get_name(krb5_context context,
485 return SCACHE(id)->name;
488 static krb5_error_code KRB5_CALLCONV
489 scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
494 s = scc_alloc(context, res);
496 krb5_set_error_message(context, KRB5_CC_NOMEM,
497 N_("malloc: out of memory", ""));
498 return KRB5_CC_NOMEM;
501 ret = make_database(context, s);
507 ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
508 if (ret != SQLITE_OK) {
509 krb5_set_error_message(context, ENOMEM,
510 "bind name: %s", sqlite3_errmsg(s->db));
515 if (sqlite3_step(s->scache_name) == SQLITE_ROW) {
517 if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
518 sqlite3_reset(s->scache_name);
519 krb5_set_error_message(context, KRB5_CC_END,
520 N_("Cache name of wrong type "
521 "for scache %s", ""),
527 s->cid = sqlite3_column_int(s->scache_name, 0);
529 s->cid = SCACHE_INVALID_CID;
531 sqlite3_reset(s->scache_name);
533 (*id)->data.data = s;
534 (*id)->data.length = sizeof(*s);
539 static krb5_error_code KRB5_CALLCONV
540 scc_gen_new(krb5_context context, krb5_ccache *id)
544 s = scc_alloc(context, NULL);
547 krb5_set_error_message(context, KRB5_CC_NOMEM,
548 N_("malloc: out of memory", ""));
549 return KRB5_CC_NOMEM;
552 (*id)->data.data = s;
553 (*id)->data.length = sizeof(*s);
558 static krb5_error_code KRB5_CALLCONV
559 scc_initialize(krb5_context context,
561 krb5_principal primary_principal)
563 krb5_scache *s = SCACHE(id);
566 ret = make_database(context, s);
570 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
573 if (s->cid == SCACHE_INVALID_CID) {
574 ret = create_cache(context, s);
578 sqlite3_bind_int(s->dcred, 1, s->cid);
580 ret = sqlite3_step(s->dcred);
581 } while (ret == SQLITE_ROW);
582 sqlite3_reset(s->dcred);
583 if (ret != SQLITE_DONE) {
585 krb5_set_error_message(context, ret,
586 N_("Failed to delete old "
587 "credentials: %s", ""),
588 sqlite3_errmsg(s->db));
593 ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal);
596 sqlite3_bind_int(s->ucachep, 2, s->cid);
599 ret = sqlite3_step(s->ucachep);
600 } while (ret == SQLITE_ROW);
601 sqlite3_reset(s->ucachep);
602 if (ret != SQLITE_DONE) {
604 krb5_set_error_message(context, ret,
605 N_("Failed to bind principal to cache %s", ""),
606 sqlite3_errmsg(s->db));
610 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
616 exec_stmt(context, s->db, "ROLLBACK", 0);
622 static krb5_error_code KRB5_CALLCONV
623 scc_close(krb5_context context,
626 scc_free(SCACHE(id));
630 static krb5_error_code KRB5_CALLCONV
631 scc_destroy(krb5_context context,
634 krb5_scache *s = SCACHE(id);
637 if (s->cid == SCACHE_INVALID_CID)
640 sqlite3_bind_int(s->dcache, 1, s->cid);
642 ret = sqlite3_step(s->dcache);
643 } while (ret == SQLITE_ROW);
644 sqlite3_reset(s->dcache);
645 if (ret != SQLITE_DONE) {
646 krb5_set_error_message(context, KRB5_CC_IO,
647 N_("Failed to destroy cache %s: %s", ""),
648 s->name, sqlite3_errmsg(s->db));
654 static krb5_error_code
655 encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
660 sp = krb5_storage_emem();
662 krb5_set_error_message(context, ENOMEM,
663 N_("malloc: out of memory", ""));
667 ret = krb5_store_creds(sp, creds);
669 krb5_set_error_message(context, ret,
670 N_("Failed to store credential in scache", ""));
671 krb5_storage_free(sp);
675 ret = krb5_storage_to_data(sp, data);
676 krb5_storage_free(sp);
678 krb5_set_error_message(context, ret,
679 N_("Failed to encode credential in scache", ""));
683 static krb5_error_code
684 decode_creds(krb5_context context, const void *data, size_t length,
690 sp = krb5_storage_from_readonly_mem(data, length);
692 krb5_set_error_message(context, ENOMEM,
693 N_("malloc: out of memory", ""));
697 ret = krb5_ret_creds(sp, creds);
698 krb5_storage_free(sp);
700 krb5_set_error_message(context, ret,
701 N_("Failed to read credential in scache", ""));
708 static krb5_error_code KRB5_CALLCONV
709 scc_store_cred(krb5_context context,
713 sqlite_uint64 credid;
714 krb5_scache *s = SCACHE(id);
718 ret = make_database(context, s);
722 ret = encode_creds(context, creds, &data);
726 sqlite3_bind_int(s->icred, 1, s->cid);
728 krb5_enctype etype = 0;
733 ret = decode_Ticket(creds->ticket.data,
734 creds->ticket.length, &t, &len);
737 kvno = *t.enc_part.kvno;
739 etype = t.enc_part.etype;
744 sqlite3_bind_int(s->icred, 2, kvno);
745 sqlite3_bind_int(s->icred, 3, etype);
749 sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data);
750 sqlite3_bind_int(s->icred, 5, time(NULL));
752 ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
756 ret = sqlite3_step(s->icred);
757 } while (ret == SQLITE_ROW);
758 sqlite3_reset(s->icred);
759 if (ret != SQLITE_DONE) {
761 krb5_set_error_message(context, ret,
762 N_("Failed to add credential: %s", ""),
763 sqlite3_errmsg(s->db));
767 credid = sqlite3_last_insert_rowid(s->db);
770 bind_principal(context, s->db, s->iprincipal, 1, creds->server);
771 sqlite3_bind_int(s->iprincipal, 2, 1);
772 sqlite3_bind_int(s->iprincipal, 3, credid);
775 ret = sqlite3_step(s->iprincipal);
776 } while (ret == SQLITE_ROW);
777 sqlite3_reset(s->iprincipal);
778 if (ret != SQLITE_DONE) {
780 krb5_set_error_message(context, ret,
781 N_("Failed to add principal: %s", ""),
782 sqlite3_errmsg(s->db));
788 bind_principal(context, s->db, s->iprincipal, 1, creds->client);
789 sqlite3_bind_int(s->iprincipal, 2, 0);
790 sqlite3_bind_int(s->iprincipal, 3, credid);
793 ret = sqlite3_step(s->iprincipal);
794 } while (ret == SQLITE_ROW);
795 sqlite3_reset(s->iprincipal);
796 if (ret != SQLITE_DONE) {
798 krb5_set_error_message(context, ret,
799 N_("Failed to add principal: %s", ""),
800 sqlite3_errmsg(s->db));
805 ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO);
811 exec_stmt(context, s->db, "ROLLBACK", 0);
816 static krb5_error_code KRB5_CALLCONV
817 scc_get_principal(krb5_context context,
819 krb5_principal *principal)
821 krb5_scache *s = SCACHE(id);
827 ret = make_database(context, s);
831 sqlite3_bind_int(s->scache, 1, s->cid);
833 if (sqlite3_step(s->scache) != SQLITE_ROW) {
834 sqlite3_reset(s->scache);
835 krb5_set_error_message(context, KRB5_CC_END,
836 N_("No principal for cache SCC:%s:%s", ""),
841 if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
842 sqlite3_reset(s->scache);
843 krb5_set_error_message(context, KRB5_CC_END,
844 N_("Principal data of wrong type "
845 "for SCC:%s:%s", ""),
850 str = (const char *)sqlite3_column_text(s->scache, 0);
852 sqlite3_reset(s->scache);
853 krb5_set_error_message(context, KRB5_CC_END,
854 N_("Principal not set for SCC:%s:%s", ""),
859 ret = krb5_parse_name(context, str, principal);
861 sqlite3_reset(s->scache);
869 sqlite3_stmt *credstmt;
872 static krb5_error_code KRB5_CALLCONV
873 scc_get_first (krb5_context context,
875 krb5_cc_cursor *cursor)
877 krb5_scache *s = SCACHE(id);
879 struct cred_ctx *ctx;
880 char *str = NULL, *name = NULL;
884 ctx = calloc(1, sizeof(*ctx));
886 krb5_set_error_message(context, ENOMEM,
887 N_("malloc: out of memory", ""));
891 ret = make_database(context, s);
897 if (s->cid == SCACHE_INVALID_CID) {
898 krb5_set_error_message(context, KRB5_CC_END,
899 N_("Iterating a invalid scache %s", ""),
905 ret = asprintf(&name, "credIteration%pPid%d",
907 if (ret < 0 || name == NULL) {
908 krb5_set_error_message(context, ENOMEM,
909 N_("malloc: out of memory", ""));
914 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
915 if (ret < 0 || ctx->drop == NULL) {
916 krb5_set_error_message(context, ENOMEM,
917 N_("malloc: out of memory", ""));
923 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s "
924 "AS SELECT oid,created_at FROM credentials WHERE cid = %lu",
925 name, (unsigned long)s->cid);
926 if (ret < 0 || str == NULL) {
933 ret = exec_stmt(context, s->db, str, KRB5_CC_IO);
943 ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name);
944 if (ret < 0 || str == NULL) {
945 exec_stmt(context, s->db, ctx->drop, 0);
952 ret = prepare_stmt(context, s->db, &ctx->stmt, str);
957 exec_stmt(context, s->db, ctx->drop, 0);
963 ret = prepare_stmt(context, s->db, &ctx->credstmt,
964 "SELECT cred FROM credentials WHERE oid = ?");
966 sqlite3_finalize(ctx->stmt);
967 exec_stmt(context, s->db, ctx->drop, 0);
978 static krb5_error_code KRB5_CALLCONV
979 scc_get_next (krb5_context context,
981 krb5_cc_cursor *cursor,
984 struct cred_ctx *ctx = *cursor;
985 krb5_scache *s = SCACHE(id);
988 const void *data = NULL;
992 ret = sqlite3_step(ctx->stmt);
993 if (ret == SQLITE_DONE) {
994 krb5_clear_error_message(context);
996 } else if (ret != SQLITE_ROW) {
997 krb5_set_error_message(context, KRB5_CC_IO,
998 N_("scache Database failed: %s", ""),
999 sqlite3_errmsg(s->db));
1003 oid = sqlite3_column_int64(ctx->stmt, 0);
1005 /* read cred from credentials table */
1007 sqlite3_bind_int(ctx->credstmt, 1, oid);
1009 ret = sqlite3_step(ctx->credstmt);
1010 if (ret != SQLITE_ROW) {
1011 sqlite3_reset(ctx->credstmt);
1015 if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
1016 krb5_set_error_message(context, KRB5_CC_END,
1017 N_("credential of wrong type for SCC:%s:%s", ""),
1019 sqlite3_reset(ctx->credstmt);
1023 data = sqlite3_column_blob(ctx->credstmt, 0);
1024 len = sqlite3_column_bytes(ctx->credstmt, 0);
1026 ret = decode_creds(context, data, len, creds);
1027 sqlite3_reset(ctx->credstmt);
1031 static krb5_error_code KRB5_CALLCONV
1032 scc_end_get (krb5_context context,
1034 krb5_cc_cursor *cursor)
1036 struct cred_ctx *ctx = *cursor;
1037 krb5_scache *s = SCACHE(id);
1039 sqlite3_finalize(ctx->stmt);
1040 sqlite3_finalize(ctx->credstmt);
1042 exec_stmt(context, s->db, ctx->drop, 0);
1050 static krb5_error_code KRB5_CALLCONV
1051 scc_remove_cred(krb5_context context,
1056 krb5_scache *s = SCACHE(id);
1057 krb5_error_code ret;
1059 sqlite_uint64 credid = 0;
1060 const void *data = NULL;
1063 ret = make_database(context, s);
1067 ret = prepare_stmt(context, s->db, &stmt,
1068 "SELECT cred,oid FROM credentials "
1073 sqlite3_bind_int(stmt, 1, s->cid);
1075 /* find credential... */
1079 ret = sqlite3_step(stmt);
1080 if (ret == SQLITE_DONE) {
1083 } else if (ret != SQLITE_ROW) {
1085 krb5_set_error_message(context, ret,
1086 N_("scache Database failed: %s", ""),
1087 sqlite3_errmsg(s->db));
1091 if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
1093 krb5_set_error_message(context, ret,
1094 N_("Credential of wrong type "
1095 "for SCC:%s:%s", ""),
1100 data = sqlite3_column_blob(stmt, 0);
1101 len = sqlite3_column_bytes(stmt, 0);
1103 ret = decode_creds(context, data, len, &creds);
1107 ret = krb5_compare_creds(context, which, mcreds, &creds);
1108 krb5_free_cred_contents(context, &creds);
1110 credid = sqlite3_column_int64(stmt, 1);
1116 sqlite3_finalize(stmt);
1119 ret = prepare_stmt(context, s->db, &stmt,
1120 "DELETE FROM credentials WHERE oid=?");
1123 sqlite3_bind_int(stmt, 1, credid);
1126 ret = sqlite3_step(stmt);
1127 } while (ret == SQLITE_ROW);
1128 sqlite3_finalize(stmt);
1129 if (ret != SQLITE_DONE) {
1131 krb5_set_error_message(context, ret,
1132 N_("failed to delete scache credental", ""));
1140 static krb5_error_code KRB5_CALLCONV
1141 scc_set_flags(krb5_context context,
1154 static krb5_error_code KRB5_CALLCONV
1155 scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
1157 struct cache_iter *ctx;
1158 krb5_error_code ret;
1159 char *name = NULL, *str = NULL;
1163 ctx = calloc(1, sizeof(*ctx));
1165 krb5_set_error_message(context, ENOMEM,
1166 N_("malloc: out of memory", ""));
1170 ret = default_db(context, &ctx->db);
1171 if (ctx->db == NULL) {
1176 ret = asprintf(&name, "cacheIteration%pPid%d",
1177 ctx, (int)getpid());
1178 if (ret < 0 || name == NULL) {
1179 krb5_set_error_message(context, ENOMEM,
1180 N_("malloc: out of memory", ""));
1181 sqlite3_close(ctx->db);
1186 ret = asprintf(&ctx->drop, "DROP TABLE %s", name);
1187 if (ret < 0 || ctx->drop == NULL) {
1188 krb5_set_error_message(context, ENOMEM,
1189 N_("malloc: out of memory", ""));
1190 sqlite3_close(ctx->db);
1196 ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches",
1198 if (ret < 0 || str == NULL) {
1199 krb5_set_error_message(context, ENOMEM,
1200 N_("malloc: out of memory", ""));
1201 sqlite3_close(ctx->db);
1208 ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO);
1212 sqlite3_close(ctx->db);
1219 ret = asprintf(&str, "SELECT name FROM %s", name);
1221 if (ret < 0 || str == NULL) {
1222 exec_stmt(context, ctx->db, ctx->drop, 0);
1223 sqlite3_close(ctx->db);
1230 ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
1233 exec_stmt(context, ctx->db, ctx->drop, 0);
1234 sqlite3_close(ctx->db);
1245 static krb5_error_code KRB5_CALLCONV
1246 scc_get_cache_next(krb5_context context,
1247 krb5_cc_cursor cursor,
1250 struct cache_iter *ctx = cursor;
1251 krb5_error_code ret;
1255 ret = sqlite3_step(ctx->stmt);
1256 if (ret == SQLITE_DONE) {
1257 krb5_clear_error_message(context);
1259 } else if (ret != SQLITE_ROW) {
1260 krb5_set_error_message(context, KRB5_CC_IO,
1261 N_("Database failed: %s", ""),
1262 sqlite3_errmsg(ctx->db));
1266 if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT)
1269 name = (const char *)sqlite3_column_text(ctx->stmt, 0);
1273 ret = _krb5_cc_allocate(context, &krb5_scc_ops, id);
1277 return scc_resolve(context, id, name);
1280 static krb5_error_code KRB5_CALLCONV
1281 scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor)
1283 struct cache_iter *ctx = cursor;
1285 exec_stmt(context, ctx->db, ctx->drop, 0);
1286 sqlite3_finalize(ctx->stmt);
1287 sqlite3_close(ctx->db);
1293 static krb5_error_code KRB5_CALLCONV
1294 scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1296 krb5_scache *sfrom = SCACHE(from);
1297 krb5_scache *sto = SCACHE(to);
1298 krb5_error_code ret;
1300 if (strcmp(sfrom->file, sto->file) != 0) {
1301 krb5_set_error_message(context, KRB5_CC_BADNAME,
1302 N_("Can't handle cross database "
1303 "credential move: %s -> %s", ""),
1304 sfrom->file, sto->file);
1305 return KRB5_CC_BADNAME;
1308 ret = make_database(context, sfrom);
1312 ret = exec_stmt(context, sfrom->db,
1313 "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO);
1314 if (ret) return ret;
1316 if (sto->cid != SCACHE_INVALID_CID) {
1317 /* drop old cache entry */
1319 sqlite3_bind_int(sfrom->dcache, 1, sto->cid);
1321 ret = sqlite3_step(sfrom->dcache);
1322 } while (ret == SQLITE_ROW);
1323 sqlite3_reset(sfrom->dcache);
1324 if (ret != SQLITE_DONE) {
1325 krb5_set_error_message(context, KRB5_CC_IO,
1326 N_("Failed to delete old cache: %d", ""),
1332 sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL);
1333 sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid);
1336 ret = sqlite3_step(sfrom->ucachen);
1337 } while (ret == SQLITE_ROW);
1338 sqlite3_reset(sfrom->ucachen);
1339 if (ret != SQLITE_DONE) {
1340 krb5_set_error_message(context, KRB5_CC_IO,
1341 N_("Failed to update new cache: %d", ""),
1346 sto->cid = sfrom->cid;
1348 ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO);
1349 if (ret) return ret;
1356 exec_stmt(context, sfrom->db, "ROLLBACK", 0);
1362 static krb5_error_code KRB5_CALLCONV
1363 scc_get_default_name(krb5_context context, char **str)
1365 krb5_error_code ret;
1370 ret = get_def_name(context, &name);
1372 return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str);
1374 ret = asprintf(str, "SCC:%s", name);
1376 if (ret < 0 || *str == NULL) {
1377 krb5_set_error_message(context, ENOMEM,
1378 N_("malloc: out of memory", ""));
1384 static krb5_error_code KRB5_CALLCONV
1385 scc_set_default(krb5_context context, krb5_ccache id)
1387 krb5_scache *s = SCACHE(id);
1388 krb5_error_code ret;
1390 if (s->cid == SCACHE_INVALID_CID) {
1391 krb5_set_error_message(context, KRB5_CC_IO,
1392 N_("Trying to set a invalid cache "
1393 "as default %s", ""),
1398 ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
1400 sqlite3_reset(s->umaster);
1401 krb5_set_error_message(context, KRB5_CC_IO,
1402 N_("Failed to set name of default cache", ""));
1407 ret = sqlite3_step(s->umaster);
1408 } while (ret == SQLITE_ROW);
1409 sqlite3_reset(s->umaster);
1410 if (ret != SQLITE_DONE) {
1411 krb5_set_error_message(context, KRB5_CC_IO,
1412 N_("Failed to update default cache", ""));
1420 * Variable containing the SCC based credential cache implemention.
1422 * @ingroup krb5_ccache
1425 KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = {
1426 KRB5_CC_OPS_VERSION,
1435 NULL, /* scc_retrieve */
1443 scc_get_cache_first,
1447 scc_get_default_name,
projects / FreeBSD / releng / 10.0.git / blob