From d3dd3d147aa403135d07bfca685aced769e361c2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 4 May 2014 11:57:16 -0400 Subject: Modernize cc_file.c and cc_keyring.c Rename functions not to use the krb5_ prefix, and to use the fcc_ or krcc_ prefixes only for ccache method implementations. Use shorter function comments and add missing comments in some cases. Remove forward declarations where they aren't needed. Use native types (uint16_t, void *, etc.) in preference to Kerberos type wrappers. Use "ret" as the variable name for krb5_error_code return values. Use 0 instead of KRB5_OK. Make whitespace conform to current practice. Remove old #if 0 blocks. Don't cast to and from void * or between integer types when C guarantees an implicit cast. Use literal 2 and 4 for the size of fixed-width 16-bit and 32-bit types. In cc_file.c, rewrite the header comment to specify the header format as updated by version 4 and refer to ccmarshal.c for the principal and credential format. Also add a helper function to return the cache version as an integer from 1 to 4, allowing more concise version checks. --- src/lib/krb5/ccache/cc_file.c | 2043 +++++++++++++++----------------------- src/lib/krb5/ccache/cc_keyring.c | 1970 ++++++++++++++++-------------------- 2 files changed, 1665 insertions(+), 2348 deletions(-) (limited to 'src/lib/krb5') diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 3ba13188c..b2124f8f4 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -27,51 +27,40 @@ */ /* - If OPENCLOSE is defined, each of the functions opens and closes the - file whenever it needs to access it. Otherwise, the file is opened - once in initialize and closed once is close. - - This library depends on UNIX-like file descriptors, and UNIX-like - behavior from the functions: open, close, read, write, lseek. - - The quasi-BNF grammar for a credentials cache: - - file ::= - principal list-of-credentials - - credential ::= - client (principal) - server (principal) - keyblock (keyblock) - times (ticket_times) - is_skey (boolean) - ticket_flags (flags) - ticket (data) - second_ticket (data) - - principal ::= - number of components (int32) - component 1 (data) - component 2 (data) - ... - - data ::= - length (int32) - string of length bytes - - etc. -*/ -/* todo: - Make sure that each time a function returns KRB5_NOMEM, everything - allocated earlier in the function and stack tree is freed. - - File locking - - Use pread/pwrite if available, so multiple threads can read - simultaneously. (That may require reader/writer locks.) - - fcc_nseq.c and fcc_read don't check return values a lot. -*/ + * A psuedo-BNF grammar for the FILE credential cache format is: + * + * file ::= + * version (2 bytes; 05 01 for version 1 through 05 04 for version 4) + * header [not present before version 4] + * principal + * credential1 + * credential2 + * ... + * + * header ::= + * headerlen (16 bits) + * header1tag (16 bits) + * header1len (16 bits) + * header1val (header1len bytes) + * + * See ccmarshal.c for the principal and credential formats. Although versions + * 1 and 2 of the FILE format use native byte order for integer representations + * within principals and credentials, the integer fields in the grammar above + * are always in big-endian byte order. + * + * Only one header tag is currently defined. The tag value is 1 + * (FCC_TAG_DELTATIME), and its contents are two 32-bit integers giving the + * seconds and microseconds of the time offset of the KDC relative to the + * client. + * + * If the OPENCLOSE flag is set (as it is by default), each of the file ccache + * functions opens and closes the file whenever it needs to access it. + * Otherwise, the file is opened once in initialize and closed once in close. + * + * This module depends on UNIX-like file descriptors, and UNIX-like behavior + * from the functions: open, close, read, write, lseek. + */ + #include "k5-int.h" #include "cc-int.h" @@ -82,186 +71,36 @@ #include #endif -#ifdef HAVE_NETINET_IN_H -#if !defined(_WIN32) -#include -#else -#include "port-sockets.h" -#endif -#else -# error find some way to use net-byte-order file version numbers. -#endif - -static krb5_error_code KRB5_CALLCONV krb5_fcc_close -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_destroy -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_end_seq_get -(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_generate_new -(krb5_context, krb5_ccache *id); - -static const char * KRB5_CALLCONV krb5_fcc_get_name -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_get_principal -(krb5_context, krb5_ccache id, krb5_principal *princ); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_initialize -(krb5_context, krb5_ccache id, krb5_principal princ); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_next_cred -(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor, - krb5_creds *creds); - -static krb5_error_code krb5_fcc_read -(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len); -static krb5_error_code krb5_fcc_read_principal -(krb5_context, krb5_ccache id, krb5_principal *princ); -static krb5_error_code krb5_fcc_read_keyblock -(krb5_context, krb5_ccache id, krb5_keyblock *keyblock); -static krb5_error_code krb5_fcc_read_data -(krb5_context, krb5_ccache id, krb5_data *data); -static krb5_error_code krb5_fcc_read_int32 -(krb5_context, krb5_ccache id, krb5_int32 *i); -static krb5_error_code krb5_fcc_read_ui_2 -(krb5_context, krb5_ccache id, krb5_ui_2 *i); -static krb5_error_code krb5_fcc_read_octet -(krb5_context, krb5_ccache id, krb5_octet *i); -static krb5_error_code krb5_fcc_read_times -(krb5_context, krb5_ccache id, krb5_ticket_times *t); -static krb5_error_code krb5_fcc_read_addrs -(krb5_context, krb5_ccache, krb5_address ***); -static krb5_error_code krb5_fcc_read_addr -(krb5_context, krb5_ccache, krb5_address *); -static krb5_error_code krb5_fcc_read_authdata -(krb5_context, krb5_ccache, krb5_authdata ***); -static krb5_error_code krb5_fcc_read_authdatum -(krb5_context, krb5_ccache, krb5_authdata *); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_resolve -(krb5_context, krb5_ccache *id, const char *residual); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_retrieve -(krb5_context, krb5_ccache id, krb5_flags whichfields, - krb5_creds *mcreds, krb5_creds *creds); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_start_seq_get -(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_store -(krb5_context, krb5_ccache id, krb5_creds *creds); - -static krb5_error_code krb5_fcc_skip_header -(krb5_context, krb5_ccache); -static krb5_error_code krb5_fcc_skip_principal -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_set_flags -(krb5_context, krb5_ccache id, krb5_flags flags); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_new -(krb5_context context, krb5_cc_ptcursor *cursor); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_next -(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_free -(krb5_context context, krb5_cc_ptcursor *cursor); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_last_change_time -(krb5_context context, krb5_ccache id, krb5_timestamp *change_time); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_lock -(krb5_context context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock -(krb5_context context, krb5_ccache id); - - extern const krb5_cc_ops krb5_cc_file_ops; -krb5_error_code krb5_change_cache (void); - -static krb5_error_code krb5_fcc_write -(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len); -static krb5_error_code krb5_fcc_store_principal -(krb5_context, krb5_ccache id, krb5_principal princ); -static krb5_error_code krb5_fcc_store_keyblock -(krb5_context, krb5_ccache id, krb5_keyblock *keyblock); -static krb5_error_code krb5_fcc_store_data -(krb5_context, krb5_ccache id, krb5_data *data); -static krb5_error_code krb5_fcc_store_int32 -(krb5_context, krb5_ccache id, krb5_int32 i); -static krb5_error_code krb5_fcc_store_ui_4 -(krb5_context, krb5_ccache id, krb5_ui_4 i); -static krb5_error_code krb5_fcc_store_ui_2 -(krb5_context, krb5_ccache id, krb5_int32 i); -static krb5_error_code krb5_fcc_store_octet -(krb5_context, krb5_ccache id, krb5_int32 i); -static krb5_error_code krb5_fcc_store_times -(krb5_context, krb5_ccache id, krb5_ticket_times *t); -static krb5_error_code krb5_fcc_store_addrs -(krb5_context, krb5_ccache, krb5_address **); -static krb5_error_code krb5_fcc_store_addr -(krb5_context, krb5_ccache, krb5_address *); -static krb5_error_code krb5_fcc_store_authdata -(krb5_context, krb5_ccache, krb5_authdata **); -static krb5_error_code krb5_fcc_store_authdatum -(krb5_context, krb5_ccache, krb5_authdata *); - -static krb5_error_code krb5_fcc_interpret -(krb5_context, int); - -struct _krb5_fcc_data; -static krb5_error_code krb5_fcc_close_file -(krb5_context, struct _krb5_fcc_data *data); -static krb5_error_code krb5_fcc_open_file -(krb5_context, krb5_ccache, int); -static krb5_error_code krb5_fcc_data_last_change_time -(krb5_context context, struct _krb5_fcc_data *data, - krb5_timestamp *change_time); - - -#define KRB5_OK 0 - -#define KRB5_FCC_MAXLEN 100 - -/* - * FCC version 2 contains type information for principals. FCC - * version 1 does not. - * - * FCC version 3 contains keyblock encryption type information, and is - * architecture independent. Previous versions are not. - * - * The code will accept version 1, 2, and 3 ccaches, and depending - * what KRB5_FCC_DEFAULT_FVNO is set to, it will create version 1, 2, - * or 3 FCC caches. - * - * The default credentials cache should be type 3 for now (see - * init_ctx.c). - */ - -#define KRB5_FCC_FVNO_1 0x0501 /* krb v5, fcc v1 */ -#define KRB5_FCC_FVNO_2 0x0502 /* krb v5, fcc v2 */ -#define KRB5_FCC_FVNO_3 0x0503 /* krb v5, fcc v3 */ -#define KRB5_FCC_FVNO_4 0x0504 /* krb v5, fcc v4 */ +krb5_error_code krb5_change_cache(void); + +static krb5_error_code read_data(krb5_context, krb5_ccache id, + krb5_data *data); +static krb5_error_code read32(krb5_context, krb5_ccache id, int32_t *i); +static krb5_error_code read16(krb5_context, krb5_ccache id, uint16_t *i); +static krb5_error_code read_addr(krb5_context context, krb5_ccache id, + krb5_address *addr); +static krb5_error_code read_authdatum(krb5_context, krb5_ccache, + krb5_authdata *); +static krb5_error_code store_data(krb5_context, krb5_ccache id, + krb5_data *data); +static krb5_error_code store32(krb5_context, krb5_ccache id, uint32_t i); +static krb5_error_code store16(krb5_context, krb5_ccache id, uint16_t i); +static krb5_error_code store_addr(krb5_context, krb5_ccache, krb5_address *); +static krb5_error_code store_authdatum(krb5_context, krb5_ccache, + krb5_authdata *); +static krb5_error_code interpret_errno(krb5_context, int); + +#define FVNO_1 0x0501 /* krb v5, fcc v1 */ +#define FVNO_2 0x0502 /* krb v5, fcc v2 */ +#define FVNO_3 0x0503 /* krb v5, fcc v3 */ +#define FVNO_4 0x0504 /* krb v5, fcc v4 */ #define FCC_OPEN_AND_ERASE 1 #define FCC_OPEN_RDWR 2 #define FCC_OPEN_RDONLY 3 -/* Credential file header tags. - * The header tags are constructed as: - * krb5_ui_2 tag - * krb5_ui_2 len - * krb5_octet data[len] - * This format allows for older versions of the fcc processing code to skip - * past unrecognized tag formats. - */ #define FCC_TAG_DELTATIME 1 #ifndef TKT_ROOT @@ -273,49 +112,62 @@ static krb5_error_code krb5_fcc_data_last_change_time #endif /* macros to make checking flags easier */ -#define OPENCLOSE(id) (((krb5_fcc_data *)id->data)->flags & KRB5_TC_OPENCLOSE) +#define OPENCLOSE(id) (((fcc_data *)id->data)->flags & KRB5_TC_OPENCLOSE) -typedef struct _krb5_fcc_data { +typedef struct fcc_data_st { char *filename; - /* Lock this one before reading or modifying the data stored here - that can be changed. (Filename is fixed after - initialization.) */ + + /* Lock this before reading or modifying the data stored here that can be + * changed. (Filename is fixed after initialization.) */ k5_cc_mutex lock; - int file; + int fd; krb5_flags flags; - int mode; /* needed for locking code */ - int version; /* version number of the file */ + int mode; /* needed for locking code */ + int version; /* version number of the file */ - /* Buffer data on reading, for performance. - We used to have a stdio option, but we get more precise control - by using the POSIX I/O functions. */ + /* + * Buffer data on reading, for performance. We used to have a stdio + * option, but we get more precise control by using the POSIX I/O + * functions. + */ #define FCC_BUFSIZ 1024 size_t valid_bytes; size_t cur_offset; char buf[FCC_BUFSIZ]; -} krb5_fcc_data; +} fcc_data; -static inline void invalidate_cache(krb5_fcc_data *data) +/* Return the file version as an integer from 1 to 4. */ +static inline int +version(krb5_ccache id) +{ + return ((fcc_data *)id->data)->version - FVNO_1 + 1; +} + +/* Discard cached read information within data. */ +static inline void +invalidate_cache(fcc_data *data) { data->valid_bytes = 0; } -static off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence) +/* Change position within the cache file, taking into account read caching. */ +static off_t +fcc_lseek(fcc_data *data, off_t offset, int whence) { - /* If we read some extra data in advance, and then want to know or - use our "current" position, we need to back up a little. */ + /* If we read some extra data in advance, and then want to know or use our + * "current" position, we need to back up a little. */ if (whence == SEEK_CUR && data->valid_bytes) { assert(data->cur_offset > 0); assert(data->cur_offset <= data->valid_bytes); offset -= (data->valid_bytes - data->cur_offset); } invalidate_cache(data); - return lseek(data->file, offset, whence); + return lseek(data->fd, offset, whence); } struct fcc_set { struct fcc_set *next; - krb5_fcc_data *data; + fcc_data *data; unsigned int refcount; }; @@ -334,62 +186,37 @@ typedef struct _krb5_fcc_cursor { #define MAYBE_OPEN(CONTEXT, ID, MODE) \ { \ - k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \ - if (OPENCLOSE (ID)) { \ - krb5_error_code maybe_open_ret; \ - maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE); \ - if (maybe_open_ret) { \ - k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \ - return maybe_open_ret; \ + k5_cc_mutex_assert_locked(CONTEXT, &((fcc_data *)(ID)->data)->lock); \ + if (OPENCLOSE(ID)) { \ + krb5_error_code mo_ret; \ + mo_ret = open_cache_file(CONTEXT, ID, MODE); \ + if (mo_ret) { \ + k5_cc_mutex_unlock(CONTEXT, &((fcc_data *)(ID)->data)->lock); \ + return mo_ret; \ } \ } \ } #define MAYBE_CLOSE(CONTEXT, ID, RET) \ { \ - if (OPENCLOSE (ID)) { \ - krb5_error_code maybe_close_ret; \ - maybe_close_ret = krb5_fcc_close_file (CONTEXT, \ - (krb5_fcc_data *)(ID)->data); \ - if (!(RET)) RET = maybe_close_ret; } } - -#define MAYBE_CLOSE_IGNORE(CONTEXT, ID) \ - { \ - if (OPENCLOSE (ID)) { \ - (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } } + if (OPENCLOSE(ID)) { \ + krb5_error_code mc_ret; \ + mc_ret = close_cache_file(CONTEXT, (ID)->data); \ + if (!(RET)) \ + RET = mc_ret; \ + } \ + } -#define CHECK(ret) if (ret != KRB5_OK) goto errout; +#define CHECK(ret) if (ret) goto errout; #define NO_FILE -1 -/* - * Effects: - * Reads len bytes from the cache id, storing them in buf. - * - * Requires: - * Must be called with mutex locked. - * - * Errors: - * KRB5_CC_END - there were not len bytes available - * system errors (read) - */ +/* Read len bytes from the cache id, storing them in buf. Return KRB5_CC_END + * if not enough bytes are present. Call with the mutex locked. */ static krb5_error_code -krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len) +read_bytes(krb5_context context, krb5_ccache id, void *buf, unsigned int len) { -#if 0 - int ret; - - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); - - ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len); - if (ret == -1) - return krb5_fcc_interpret(context, errno); - if (ret != len) - return KRB5_CC_END; - else - return KRB5_OK; -#else - krb5_fcc_data *data = (krb5_fcc_data *) id->data; + fcc_data *data = id->data; k5_cc_mutex_assert_locked(context, &data->lock); @@ -399,15 +226,13 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i if (data->valid_bytes > 0) assert(data->cur_offset <= data->valid_bytes); - if (data->valid_bytes == 0 - || data->cur_offset == data->valid_bytes) { + if (data->valid_bytes == 0 || data->cur_offset == data->valid_bytes) { /* Fill buffer from current file position. */ - nread = read(data->file, data->buf, sizeof(data->buf)); + nread = read(data->fd, data->buf, sizeof(data->buf)); e = errno; if (nread < 0) - return krb5_fcc_interpret(context, e); + return interpret_errno(context, e); if (nread == 0) - /* EOF */ return KRB5_CC_END; data->valid_bytes = nread; data->cur_offset = 0; @@ -422,11 +247,9 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i assert(data->cur_offset > 0); assert(data->cur_offset <= data->valid_bytes); len -= ncopied; - /* Don't do arithmetic on void pointers. */ - buf = (char*)buf + ncopied; + buf = (char *)buf + ncopied; } return 0; -#endif } /* @@ -448,81 +271,82 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i * KRB5_CC_NOMEM */ -#define ALLOC(NUM,TYPE) \ - (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \ - ? (TYPE *) calloc((NUM), sizeof(TYPE)) \ - : (errno = ENOMEM,(TYPE *) 0)) +#define ALLOC(NUM, TYPE) \ + (((NUM) <= (((size_t)0 - 1) / sizeof(TYPE))) ? \ + (TYPE *)calloc((NUM), sizeof(TYPE)) : \ + (errno = ENOMEM, (TYPE *)0)) static krb5_error_code -krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) +read_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + fcc_data *data = id->data; krb5_error_code kret; register krb5_principal tmpprinc; - krb5_int32 length, type; + int32_t length, type; int i; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &data->lock); *princ = NULL; - if (data->version == KRB5_FCC_FVNO_1) { + if (version(id) == 1) { type = KRB5_NT_UNKNOWN; } else { - /* Read principal type */ - kret = krb5_fcc_read_int32(context, id, &type); - if (kret != KRB5_OK) + /* Read principal type. */ + kret = read32(context, id, &type); + if (kret) return kret; } - /* Read the number of components */ - kret = krb5_fcc_read_int32(context, id, &length); - if (kret != KRB5_OK) + /* Read the number of components. */ + kret = read32(context, id, &length); + if (kret) return kret; /* * DCE includes the principal's realm in the count; the new format * does not. */ - if (data->version == KRB5_FCC_FVNO_1) + if (version(id) == 1) length--; if (length < 0) return KRB5_CC_NOMEM; - tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data)); + tmpprinc = malloc(sizeof(*tmpprinc)); if (tmpprinc == NULL) return KRB5_CC_NOMEM; if (length) { size_t msize = length; - if (msize != (krb5_ui_4) length) { + if (msize != (uint32_t)length) { free(tmpprinc); return KRB5_CC_NOMEM; } - tmpprinc->data = ALLOC (msize, krb5_data); + tmpprinc->data = ALLOC(msize, krb5_data); if (tmpprinc->data == 0) { free(tmpprinc); return KRB5_CC_NOMEM; } - } else + } else { tmpprinc->data = 0; + } tmpprinc->magic = KV5M_PRINCIPAL; tmpprinc->length = length; tmpprinc->type = type; - kret = krb5_fcc_read_data(context, id, &tmpprinc->realm); + kret = read_data(context, id, &tmpprinc->realm); i = 0; CHECK(kret); - for (i=0; i < length; i++) { - kret = krb5_fcc_read_data(context, id, &tmpprinc->data[i]); + for (i = 0; i < length; i++) { + kret = read_data(context, id, &tmpprinc->data[i]); CHECK(kret); } *princ = tmpprinc; - return KRB5_OK; + return 0; errout: - while(--i >= 0) + while (--i >= 0) free(tmpprinc->data[i].data); free(tmpprinc->realm.data); free(tmpprinc->data); @@ -531,45 +355,44 @@ errout: } static krb5_error_code -krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs) +read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs) { krb5_error_code kret; - krb5_int32 length; + int32_t length; size_t msize; int i; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - *addrs = 0; + *addrs = NULL; /* Read the number of components */ - kret = krb5_fcc_read_int32(context, id, &length); + kret = read32(context, id, &length); CHECK(kret); /* Make *addrs able to hold length pointers to krb5_address structs - * Add one extra for a null-terminated list - */ + * Add one extra for a null-terminated list */ msize = length; msize += 1; - if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0) + if (msize == 0 || msize - 1 != (uint32_t)length || length < 0) return KRB5_CC_NOMEM; - *addrs = ALLOC (msize, krb5_address *); + *addrs = ALLOC(msize, krb5_address *); if (*addrs == NULL) return KRB5_CC_NOMEM; - for (i=0; i < length; i++) { - (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address)); + for (i = 0; i < length; i++) { + (*addrs)[i] = malloc(sizeof(krb5_address)); if ((*addrs)[i] == NULL) { krb5_free_addresses(context, *addrs); *addrs = 0; return KRB5_CC_NOMEM; } (*addrs)[i]->contents = NULL; - kret = krb5_fcc_read_addr(context, id, (*addrs)[i]); + kret = read_addr(context, id, (*addrs)[i]); CHECK(kret); } - return KRB5_OK; + return 0; errout: if (*addrs) { krb5_free_addresses(context, *addrs); @@ -579,48 +402,48 @@ errout: } static krb5_error_code -krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock) +read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; krb5_error_code kret; - krb5_ui_2 ui2; - krb5_int32 int32; + uint16_t ui2; + int32_t int32; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); keyblock->magic = KV5M_KEYBLOCK; keyblock->contents = 0; /* Enctype is signed, so sign-extend the 16-bit value we read. */ - kret = krb5_fcc_read_ui_2(context, id, &ui2); - keyblock->enctype = (krb5_int16) ui2; + kret = read16(context, id, &ui2); + keyblock->enctype = (int16_t)ui2; CHECK(kret); - if (data->version == KRB5_FCC_FVNO_3) { + if (version(id) == 3) { /* This works because the old etype is the same as the new enctype. */ - kret = krb5_fcc_read_ui_2(context, id, &ui2); + kret = read16(context, id, &ui2); /* keyblock->enctype = ui2; */ CHECK(kret); } - kret = krb5_fcc_read_int32(context, id, &int32); + kret = read32(context, id, &int32); CHECK(kret); if (int32 < 0) return KRB5_CC_NOMEM; keyblock->length = int32; /* Overflow check. */ - if (keyblock->length != (krb5_ui_4) int32) + if (keyblock->length != (uint32_t)int32) return KRB5_CC_NOMEM; - if ( keyblock->length == 0 ) - return KRB5_OK; + if (keyblock->length == 0) + return 0; keyblock->contents = malloc(keyblock->length); if (keyblock->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length); + kret = read_bytes(context, id, keyblock->contents, keyblock->length); if (kret) goto errout; - return KRB5_OK; + return 0; + errout: if (keyblock->contents) { free(keyblock->contents); @@ -630,38 +453,39 @@ errout: } static krb5_error_code -krb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data) +read_data(krb5_context context, krb5_ccache id, krb5_data *data) { krb5_error_code kret; - krb5_int32 len; + int32_t len; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); data->magic = KV5M_DATA; data->data = 0; - kret = krb5_fcc_read_int32(context, id, &len); + kret = read32(context, id, &len); CHECK(kret); if (len < 0) return KRB5_CC_NOMEM; data->length = len; - if (data->length != (krb5_ui_4) len || data->length + 1 == 0) + if (data->length != (uint32_t)len || data->length + 1 == 0) return KRB5_CC_NOMEM; if (data->length == 0) { - data->data = 0; - return KRB5_OK; + data->data = NULL; + return 0; } - data->data = (char *) malloc(data->length+1); + data->data = malloc(data->length + 1); if (data->data == NULL) return KRB5_CC_NOMEM; - kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length); + kret = read_bytes(context, id, data->data, data->length); CHECK(kret); data->data[data->length] = 0; /* Null terminate, just in case.... */ - return KRB5_OK; + return 0; + errout: if (data->data) { free(data->data); @@ -671,42 +495,42 @@ errout: } static krb5_error_code -krb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr) +read_addr(krb5_context context, krb5_ccache id, krb5_address *addr) { krb5_error_code kret; - krb5_ui_2 ui2; - krb5_int32 int32; + uint16_t ui2; + int32_t int32; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); addr->magic = KV5M_ADDRESS; addr->contents = 0; - kret = krb5_fcc_read_ui_2(context, id, &ui2); + kret = read16(context, id, &ui2); CHECK(kret); addr->addrtype = ui2; - kret = krb5_fcc_read_int32(context, id, &int32); + kret = read32(context, id, &int32); CHECK(kret); if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; addr->length = int32; - /* Length field is "unsigned int", which may be smaller than 32 - bits. */ - if (addr->length != (krb5_ui_4) int32) + /* Length field is "unsigned int", which may be smaller than 32 bits. */ + if (addr->length != (uint32_t)int32) return KRB5_CC_NOMEM; /* XXX */ if (addr->length == 0) - return KRB5_OK; + return 0; - addr->contents = (krb5_octet *) malloc(addr->length); + addr->contents = malloc(addr->length); if (addr->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_fcc_read(context, id, addr->contents, addr->length); + kret = read_bytes(context, id, addr->contents, addr->length); CHECK(kret); - return KRB5_OK; + return 0; + errout: if (addr->contents) { free(addr->contents); @@ -715,82 +539,72 @@ errout: return kret; } +/* Load four bytes from the cache file and return their value as a 32-bit + * signed integer according to the file format. */ static krb5_error_code -krb5_fcc_read_int32(krb5_context context, krb5_ccache id, krb5_int32 *i) +read32(krb5_context context, krb5_ccache id, int32_t *out) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; - krb5_error_code retval; - unsigned char buf[4]; + krb5_error_code ret; + char bytes[4]; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) - return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32)); - else { - retval = krb5_fcc_read(context, id, buf, 4); - if (retval) - return retval; - *i = load_32_be (buf); - return 0; - } + ret = read_bytes(context, id, bytes, 4); + if (ret) + return ret; + *out = (version(id) < 3) ? load_32_n(bytes) : load_32_be(bytes); + return 0; } +/* Load two bytes from the cache file and return their value as a 16-bit + * unsigned integer according to the file format. */ static krb5_error_code -krb5_fcc_read_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 *i) +read16(krb5_context context, krb5_ccache id, uint16_t *out) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; - krb5_error_code retval; - unsigned char buf[2]; + krb5_error_code ret; + char bytes[2]; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) - return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2)); - else { - retval = krb5_fcc_read(context, id, buf, 2); - if (retval) - return retval; - *i = load_16_be (buf); - return 0; - } + ret = read_bytes(context, id, bytes, 2); + if (ret) + return ret; + *out = (version(id) < 3) ? load_16_n(bytes) : load_16_be(bytes); + return 0; } static krb5_error_code -krb5_fcc_read_octet(krb5_context context, krb5_ccache id, krb5_octet *i) +read_octet(krb5_context context, krb5_ccache id, unsigned char *i) { - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); - return krb5_fcc_read(context, id, (krb5_pointer) i, 1); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); + return read_bytes(context, id, i, 1); } - static krb5_error_code -krb5_fcc_read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t) +read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + fcc_data *data = id->data; krb5_error_code retval; - krb5_int32 i; + int32_t i; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) - return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times)); - else { - retval = krb5_fcc_read_int32(context, id, &i); + if (data->version == FVNO_1 || data->version == FVNO_2) { + return read_bytes(context, id, t, sizeof(krb5_ticket_times)); + } else { + retval = read32(context, id, &i); CHECK(retval); t->authtime = i; - retval = krb5_fcc_read_int32(context, id, &i); + retval = read32(context, id, &i); CHECK(retval); t->starttime = i; - retval = krb5_fcc_read_int32(context, id, &i); + retval = read32(context, id, &i); CHECK(retval); t->endtime = i; - retval = krb5_fcc_read_int32(context, id, &i); + retval = read32(context, id, &i); CHECK(retval); t->renew_till = i; } @@ -800,48 +614,47 @@ errout: } static krb5_error_code -krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a) +read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a) { krb5_error_code kret; - krb5_int32 length; + int32_t length; size_t msize; int i; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); *a = 0; /* Read the number of components */ - kret = krb5_fcc_read_int32(context, id, &length); + kret = read32(context, id, &length); CHECK(kret); if (length == 0) - return KRB5_OK; + return 0; /* Make *a able to hold length pointers to krb5_authdata structs - * Add one extra for a null-terminated list - */ + * Add one extra for a null-terminated list. */ msize = length; msize += 1; - if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0) + if (msize == 0 || msize - 1 != (uint32_t)length || length < 0) return KRB5_CC_NOMEM; - *a = ALLOC (msize, krb5_authdata *); + *a = ALLOC(msize, krb5_authdata *); if (*a == NULL) return KRB5_CC_NOMEM; - for (i=0; i < length; i++) { - (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata)); + for (i = 0; i < length; i++) { + (*a)[i] = malloc(sizeof(krb5_authdata)); if ((*a)[i] == NULL) { krb5_free_authdata(context, *a); *a = NULL; return KRB5_CC_NOMEM; } (*a)[i]->contents = NULL; - kret = krb5_fcc_read_authdatum(context, id, (*a)[i]); + kret = read_authdatum(context, id, (*a)[i]); CHECK(kret); } - return KRB5_OK; + return 0; errout: if (*a) { krb5_free_authdata(context, *a); @@ -851,41 +664,40 @@ errout: } static krb5_error_code -krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a) +read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a) { krb5_error_code kret; - krb5_int32 int32; - krb5_int16 ui2; /* negative authorization data types are allowed */ + int32_t int32; + int16_t ui2; /* negative authorization data types are allowed */ - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); a->magic = KV5M_AUTHDATA; a->contents = NULL; - kret = krb5_fcc_read_ui_2(context, id, (krb5_ui_2 *)&ui2); + kret = read16(context, id, (uint16_t *)&ui2); CHECK(kret); a->ad_type = (krb5_authdatatype)ui2; - kret = krb5_fcc_read_int32(context, id, &int32); + kret = read32(context, id, &int32); CHECK(kret); if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; a->length = int32; - /* Value could have gotten truncated if int is smaller than 32 - bits. */ - if (a->length != (krb5_ui_4) int32) - return KRB5_CC_NOMEM; /* XXX */ + /* Value could have gotten truncated if int is smaller than 32 bits. */ + if (a->length != (uint32_t)int32) + return KRB5_CC_NOMEM; - if (a->length == 0 ) - return KRB5_OK; + if (a->length == 0) + return 0; - a->contents = (krb5_octet *) malloc(a->length); + a->contents = malloc(a->length); if (a->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_fcc_read(context, id, a->contents, a->length); + kret = read_bytes(context, id, a->contents, a->length); CHECK(kret); - return KRB5_OK; + return 0; errout: if (a->contents) { free(a->contents); @@ -896,39 +708,32 @@ errout: } #undef CHECK -#define CHECK(ret) if (ret != KRB5_OK) return ret; +#define CHECK(ret) if (ret) return ret; -/* - * Requires: - * id is open - * - * Effects: - * Writes len bytes from buf into the file cred cache id. - * - * Errors: - * system errors - */ +/* Write len bytes from buf into the cache file. Call with the mutex + * locked. */ static krb5_error_code -krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len) +write_bytes(krb5_context context, krb5_ccache id, const void *buf, + unsigned int len) { int ret; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); - invalidate_cache((krb5_fcc_data *) id->data); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); + invalidate_cache(id->data); - ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len); + ret = write(((fcc_data *)id->data)->fd, buf, len); if (ret < 0) - return krb5_fcc_interpret(context, errno); - if ((unsigned int) ret != len) + return interpret_errno(context, errno); + if ((unsigned int)ret != len) return KRB5_CC_WRITE; - return KRB5_OK; + return 0; } /* * FOR ALL OF THE FOLLOWING FUNCTIONS: * * Requires: - * ((krb5_fcc_data *) id->data)->file is open and at the right position. + * ((fcc_data *)id->data)->fd is open and at the right position. * * mutex is locked * @@ -941,18 +746,18 @@ krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned */ static krb5_error_code -krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal princ) +store_principal(krb5_context context, krb5_ccache id, krb5_principal princ) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + fcc_data *data = id->data; krb5_error_code ret; - krb5_int32 i, length, tmp, type; + int32_t i, length, tmp, type; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); type = princ->type; tmp = length = princ->length; - if (data->version == KRB5_FCC_FVNO_1) { + if (data->version == FVNO_1) { /* * DCE-compatible format means that the length count * includes the realm. (It also doesn't include the @@ -960,32 +765,32 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr */ tmp++; } else { - ret = krb5_fcc_store_int32(context, id, type); + ret = store32(context, id, type); CHECK(ret); } - ret = krb5_fcc_store_int32(context, id, tmp); + ret = store32(context, id, tmp); CHECK(ret); - ret = krb5_fcc_store_data(context, id, &princ->realm); + ret = store_data(context, id, &princ->realm); CHECK(ret); - for (i=0; i < length; i++) { - ret = krb5_fcc_store_data(context, id, &princ->data[i]); + for (i = 0; i < length; i++) { + ret = store_data(context, id, &princ->data[i]); CHECK(ret); } - return KRB5_OK; + return 0; } static krb5_error_code -krb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs) +store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs) { krb5_error_code ret; krb5_address **temp; - krb5_int32 i, length = 0; + int32_t i, length = 0; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); /* Count the number of components */ if (addrs) { @@ -994,195 +799,179 @@ krb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs) length += 1; } - ret = krb5_fcc_store_int32(context, id, length); + ret = store32(context, id, length); CHECK(ret); - for (i=0; i < length; i++) { - ret = krb5_fcc_store_addr(context, id, addrs[i]); + for (i = 0; i < length; i++) { + ret = store_addr(context, id, addrs[i]); CHECK(ret); } - return KRB5_OK; + return 0; } static krb5_error_code -krb5_fcc_store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock) +store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + fcc_data *data = id->data; krb5_error_code ret; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype); + ret = store16(context, id, keyblock->enctype); CHECK(ret); - if (data->version == KRB5_FCC_FVNO_3) { - ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype); + if (data->version == FVNO_3) { + ret = store16(context, id, keyblock->enctype); CHECK(ret); } - ret = krb5_fcc_store_ui_4(context, id, keyblock->length); + ret = store32(context, id, keyblock->length); CHECK(ret); - return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length); + return write_bytes(context, id, keyblock->contents, keyblock->length); } static krb5_error_code -krb5_fcc_store_addr(krb5_context context, krb5_ccache id, krb5_address *addr) +store_addr(krb5_context context, krb5_ccache id, krb5_address *addr) { krb5_error_code ret; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - ret = krb5_fcc_store_ui_2(context, id, addr->addrtype); + ret = store16(context, id, addr->addrtype); CHECK(ret); - ret = krb5_fcc_store_ui_4(context, id, addr->length); + ret = store32(context, id, addr->length); CHECK(ret); - return krb5_fcc_write(context, id, (char *) addr->contents, addr->length); + return write_bytes(context, id, addr->contents, addr->length); } - static krb5_error_code -krb5_fcc_store_data(krb5_context context, krb5_ccache id, krb5_data *data) +store_data(krb5_context context, krb5_ccache id, krb5_data *data) { krb5_error_code ret; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - ret = krb5_fcc_store_ui_4(context, id, data->length); + ret = store32(context, id, data->length); CHECK(ret); - return krb5_fcc_write(context, id, data->data, data->length); -} - -static krb5_error_code -krb5_fcc_store_int32(krb5_context context, krb5_ccache id, krb5_int32 i) -{ - return krb5_fcc_store_ui_4(context, id, (krb5_ui_4) i); + return write_bytes(context, id, data->data, data->length); } +/* Store a 32-bit integer into the cache file according to the file format. */ static krb5_error_code -krb5_fcc_store_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i) +store32(krb5_context context, krb5_ccache id, uint32_t i) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; unsigned char buf[4]; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) - return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32)); - else { - store_32_be (i, buf); - return krb5_fcc_write(context, id, buf, 4); - } + if (version(id) < 3) + store_32_n(i, buf); + else + store_32_be(i, buf); + return write_bytes(context, id, buf, 4); } +/* Store a 16-bit integer into the cache file according to the file format. */ static krb5_error_code -krb5_fcc_store_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i) +store16(krb5_context context, krb5_ccache id, uint16_t i) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; - krb5_ui_2 ibuf; unsigned char buf[2]; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) { - ibuf = (krb5_ui_2) i; - return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2)); - } else { - store_16_be (i, buf); - return krb5_fcc_write(context, id, buf, 2); - } + if (version(id) < 3) + store_16_n(i, buf); + else + store_16_be(i, buf); + return write_bytes(context, id, buf, 2); } static krb5_error_code -krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i) +store_octet(krb5_context context, krb5_ccache id, unsigned char i) { - krb5_octet ibuf; - - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - ibuf = (krb5_octet) i; - return krb5_fcc_write(context, id, (char *) &ibuf, 1); + return write_bytes(context, id, &i, 1); } static krb5_error_code -krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t) +store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + fcc_data *data = id->data; krb5_error_code retval; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - if ((data->version == KRB5_FCC_FVNO_1) || - (data->version == KRB5_FCC_FVNO_2)) - return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times)); - else { - retval = krb5_fcc_store_int32(context, id, t->authtime); + if (data->version == FVNO_1 || data->version == FVNO_2) { + return write_bytes(context, id, t, sizeof(krb5_ticket_times)); + } else { + retval = store32(context, id, t->authtime); CHECK(retval); - retval = krb5_fcc_store_int32(context, id, t->starttime); + retval = store32(context, id, t->starttime); CHECK(retval); - retval = krb5_fcc_store_int32(context, id, t->endtime); + retval = store32(context, id, t->endtime); CHECK(retval); - retval = krb5_fcc_store_int32(context, id, t->renew_till); + retval = store32(context, id, t->renew_till); CHECK(retval); return 0; } } static krb5_error_code -krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a) +store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a) { krb5_error_code ret; krb5_authdata **temp; - krb5_int32 i, length=0; + int32_t i, length = 0; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); if (a != NULL) { - for (temp=a; *temp; temp++) + for (temp = a; *temp; temp++) length++; } - ret = krb5_fcc_store_int32(context, id, length); + ret = store32(context, id, length); CHECK(ret); - for (i=0; idata)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - ret = krb5_fcc_store_ui_2(context, id, a->ad_type); + ret = store16(context, id, a->ad_type); CHECK(ret); - ret = krb5_fcc_store_ui_4(context, id, a->length); + ret = store32(context, id, a->length); CHECK(ret); - return krb5_fcc_write(context, id, (krb5_pointer) a->contents, a->length); + return write_bytes(context, id, a->contents, a->length); } #undef CHECK +/* Unlock and close the cache file. Call with the mutex locked. */ static krb5_error_code -krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data) +close_cache_file(krb5_context context, fcc_data *data) { - int ret; - krb5_error_code retval; + int st; + krb5_error_code ret; k5_cc_mutex_assert_locked(context, &data->lock); - if (data->file == NO_FILE) + if (data->fd == NO_FILE) return KRB5_FCC_INTERNAL; - retval = krb5_unlock_file(context, data->file); - ret = close (data->file); - data->file = NO_FILE; - if (retval) - return retval; + ret = krb5_unlock_file(context, data->fd); + st = close(data->fd); + data->fd = NO_FILE; + if (ret) + return ret; - return ret ? krb5_fcc_interpret (context, errno) : 0; + return st ? interpret_errno(context, errno) : 0; } #if defined(ANSI_STDIO) || defined(_WIN32) @@ -1197,33 +986,34 @@ krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data) ((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF)) #endif +/* Open and lock the cache file. If mode is FCC_OPEN_AND_ERASE, initialize it + * with a header. Call with the mutex locked. */ static krb5_error_code -krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) +open_cache_file(krb5_context context, krb5_ccache id, int mode) { krb5_os_context os_ctx = &context->os_context; - krb5_fcc_data *data = (krb5_fcc_data *)id->data; - krb5_ui_2 fcc_fvno; - krb5_ui_2 fcc_flen; - krb5_ui_2 fcc_tag; - krb5_ui_2 fcc_taglen; - int f, open_flag; - int lock_flag; - krb5_error_code retval = 0; + krb5_error_code ret; + fcc_data *data = id->data; + char fcc_fvno[2]; + uint16_t fcc_flen, fcc_tag, fcc_taglen; + int32_t time_offset, usec_offset; + int f, open_flag, lock_flag, cnt; + char buf[1024]; k5_cc_mutex_assert_locked(context, &data->lock); invalidate_cache(data); - if (data->file != NO_FILE) { - /* Don't know what state it's in; shut down and start anew. */ - (void) krb5_unlock_file(context, data->file); - (void) close (data->file); - data->file = NO_FILE; + if (data->fd != NO_FILE) { + /* Don't know what state it's in; shut down and start anew. */ + (void)krb5_unlock_file(context, data->fd); + (void)close(data->fd); + data->fd = NO_FILE; } - switch(mode) { + switch (mode) { case FCC_OPEN_AND_ERASE: unlink(data->filename); - open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR; + open_flag = O_CREAT | O_EXCL | O_TRUNC | O_RDWR; break; case FCC_OPEN_RDWR: open_flag = O_RDWR; @@ -1234,17 +1024,16 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) break; } - f = THREEPARAMOPEN (data->filename, open_flag | O_BINARY, 0600); + f = THREEPARAMOPEN(data->filename, open_flag | O_BINARY, 0600); if (f == NO_FILE) { - switch (errno) { - case ENOENT: - retval = KRB5_FCC_NOFILE; - krb5_set_error_message(context, retval, + if (errno == ENOENT) { + ret = KRB5_FCC_NOFILE; + krb5_set_error_message(context, ret, _("Credentials cache file '%s' not found"), data->filename); - return retval; - default: - return krb5_fcc_interpret (context, errno); + return ret; + } else { + return interpret_errno(context, errno); } } set_cloexec_fd(f); @@ -1255,235 +1044,218 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) lock_flag = KRB5_LOCKMODE_SHARED; else lock_flag = KRB5_LOCKMODE_EXCLUSIVE; - if ((retval = krb5_lock_file(context, f, lock_flag))) { - (void) close(f); - return retval; + ret = krb5_lock_file(context, f, lock_flag); + if (ret) { + (void)close(f); + return ret; } if (mode == FCC_OPEN_AND_ERASE) { /* write the version number */ - int cnt; - - fcc_fvno = htons(context->fcc_default_format); + store_16_be(context->fcc_default_format, fcc_fvno); data->version = context->fcc_default_format; - if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) != - sizeof(fcc_fvno)) { - retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) : - KRB5_CC_IO); + cnt = write(f, fcc_fvno, 2); + if (cnt != 2) { + ret = (cnt == -1) ? interpret_errno(context, errno) : KRB5_CC_IO; goto done; } - data->file = f; + data->fd = f; - if (data->version == KRB5_FCC_FVNO_4) { + if (data->version == FVNO_4) { /* V4 of the credentials cache format allows for header tags */ fcc_flen = 0; if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) - fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32)); + fcc_flen += 2 + 2 + 4 + 4; - /* Write header length */ - retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen); - if (retval) goto done; + /* Write header length. */ + ret = store16(context, id, fcc_flen); + if (ret) + goto done; if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) { - /* Write time offset tag */ + /* Write time offset tag. */ fcc_tag = FCC_TAG_DELTATIME; - fcc_taglen = 2*sizeof(krb5_int32); - - retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag); - if (retval) goto done; - retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen); - if (retval) goto done; - retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset); - if (retval) goto done; - retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset); - if (retval) goto done; + fcc_taglen = 2 * 4; + + ret = store16(context, id, fcc_tag); + if (ret) + goto done; + ret = store16(context, id, fcc_taglen); + if (ret) + goto done; + ret = store32(context, id, os_ctx->time_offset); + if (ret) + goto done; + ret = store32(context, id, os_ctx->usec_offset); + if (ret) + goto done; } } invalidate_cache(data); goto done; } - /* verify a valid version number is there */ + /* Verify a valid version number is there. */ invalidate_cache(data); - if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) { - retval = KRB5_CC_FORMAT; + if (read(f, fcc_fvno, 2) != 2) { + ret = KRB5_CC_FORMAT; goto done; } - data->version = ntohs(fcc_fvno); - if ((data->version != KRB5_FCC_FVNO_4) && - (data->version != KRB5_FCC_FVNO_3) && - (data->version != KRB5_FCC_FVNO_2) && - (data->version != KRB5_FCC_FVNO_1)) { - retval = KRB5_CCACHE_BADVNO; + data->version = load_16_be(fcc_fvno); + if (data->version != FVNO_4 && data->version != FVNO_3 && + data->version != FVNO_2 && data->version != FVNO_1) { + ret = KRB5_CCACHE_BADVNO; goto done; } - data->file = f; + data->fd = f; - if (data->version == KRB5_FCC_FVNO_4) { - char buf[1024]; - - if (krb5_fcc_read_ui_2(context, id, &fcc_flen) || - (fcc_flen > sizeof(buf))) - { - retval = KRB5_CC_FORMAT; + if (data->version == FVNO_4) { + if (read16(context, id, &fcc_flen) || fcc_flen > sizeof(buf)) { + ret = KRB5_CC_FORMAT; goto done; } while (fcc_flen) { - if ((fcc_flen < (2 * sizeof(krb5_ui_2))) || - krb5_fcc_read_ui_2(context, id, &fcc_tag) || - krb5_fcc_read_ui_2(context, id, &fcc_taglen) || - (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2)))) - { - retval = KRB5_CC_FORMAT; + if (fcc_flen < 2 * 2 || read16(context, id, &fcc_tag) || + read16(context, id, &fcc_taglen) || + fcc_taglen > fcc_flen - 2 * 2) { + ret = KRB5_CC_FORMAT; goto done; } switch (fcc_tag) { case FCC_TAG_DELTATIME: - if (fcc_taglen != 2*sizeof(krb5_int32)) { - retval = KRB5_CC_FORMAT; + if (fcc_taglen != 2 * 4) { + ret = KRB5_CC_FORMAT; goto done; } if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) || - (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) - { - if (krb5_fcc_read(context, id, buf, fcc_taglen)) { - retval = KRB5_CC_FORMAT; + (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) { + if (read_bytes(context, id, buf, fcc_taglen)) { + ret = KRB5_CC_FORMAT; goto done; } break; } - if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) || - krb5_fcc_read_int32(context, id, &os_ctx->usec_offset)) - { - retval = KRB5_CC_FORMAT; + if (read32(context, id, &time_offset) || + read32(context, id, &usec_offset)) { + ret = KRB5_CC_FORMAT; goto done; } + os_ctx->time_offset = time_offset; + os_ctx->usec_offset = usec_offset; os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) | KRB5_OS_TOFFSET_VALID); break; default: - if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) { - retval = KRB5_CC_FORMAT; + if (fcc_taglen && read_bytes(context, id, buf, fcc_taglen)) { + ret = KRB5_CC_FORMAT; goto done; } break; } - fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen); + fcc_flen -= (2 * 2 + fcc_taglen); } } done: - if (retval) { - data->file = -1; - (void) krb5_unlock_file(context, f); - (void) close(f); + if (ret) { + data->fd = -1; + (void)krb5_unlock_file(context, f); + (void)close(f); } - return retval; + return ret; } +/* Seek past the header in the cache file. */ static krb5_error_code -krb5_fcc_skip_header(krb5_context context, krb5_ccache id) +skip_header(krb5_context context, krb5_ccache id) { - krb5_fcc_data *data = (krb5_fcc_data *)id->data; - krb5_error_code kret; - krb5_ui_2 fcc_flen; + fcc_data *data = id->data; + krb5_error_code ret; + uint16_t fcc_flen; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &data->lock); - fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET); - if (data->version == KRB5_FCC_FVNO_4) { - kret = krb5_fcc_read_ui_2(context, id, &fcc_flen); - if (kret) return kret; - if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0) + fcc_lseek(data, 2, SEEK_SET); + if (version(id) >= 4) { + ret = read16(context, id, &fcc_flen); + if (ret) + return ret; + if (fcc_lseek(data, fcc_flen, SEEK_CUR) < 0) return errno; } - return KRB5_OK; + return 0; } +/* Seek past the default principal in the cache file. */ static krb5_error_code -krb5_fcc_skip_principal(krb5_context context, krb5_ccache id) +skip_principal(krb5_context context, krb5_ccache id) { - krb5_error_code kret; + krb5_error_code ret; krb5_principal princ; - k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock); - kret = krb5_fcc_read_principal(context, id, &princ); - if (kret != KRB5_OK) - return kret; + ret = read_principal(context, id, &princ); + if (ret) + return ret; krb5_free_principal(context, princ); - return KRB5_OK; + return 0; } - -/* - * Modifies: - * id - * - * Effects: - * Creates/refreshes the file cred cache id. If the cache exists, its - * contents are destroyed. - * - * Errors: - * system errors - * permission errors - */ +/* Create or overwrite the cache file with a header and default principal. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ) +fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ) { - krb5_error_code kret = 0; - int reti = 0; + krb5_error_code ret; + fcc_data *data = id->data; + int st = 0; - k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_lock(context, &data->lock); MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE); #if defined(HAVE_FCHMOD) || defined(HAVE_CHMOD) - { #ifdef HAVE_FCHMOD - reti = fchmod(((krb5_fcc_data *)id->data)->file, S_IRUSR | S_IWUSR); + st = fchmod(data->fd, S_IRUSR | S_IWUSR); #else - reti = chmod(((krb5_fcc_data *)id->data)->filename, S_IRUSR | S_IWUSR); + st = chmod(data->filename, S_IRUSR | S_IWUSR); #endif - if (reti == -1) { - kret = krb5_fcc_interpret(context, errno); - MAYBE_CLOSE(context, id, kret); - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - return kret; - } + if (st == -1) { + ret = interpret_errno(context, errno); + MAYBE_CLOSE(context, id, ret); + k5_cc_mutex_unlock(context, &data->lock); + return ret; } #endif - kret = krb5_fcc_store_principal(context, id, princ); + ret = store_principal(context, id, princ); - MAYBE_CLOSE(context, id, kret); - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - krb5_change_cache (); - return kret; + MAYBE_CLOSE(context, id, ret); + k5_cc_mutex_unlock(context, &data->lock); + krb5_change_cache(); + return ret; } -/* - * Drop the ref count; if it hits zero, remove the entry from the - * fcc_set list and free it. - */ -static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data) +/* Drop the ref count. If it hits zero, remove the entry from the fcc_set list + * and free it. */ +static krb5_error_code dereference(krb5_context context, fcc_data *data) { - struct fcc_set **fccsp; + struct fcc_set **fccsp, *temp; k5_cc_mutex_lock(context, &krb5int_cc_file_mutex); - for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next) + for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next) { if ((*fccsp)->data == data) break; + } assert(*fccsp != NULL); assert((*fccsp)->data == data); (*fccsp)->refcount--; if ((*fccsp)->refcount == 0) { - struct fcc_set *temp; data = (*fccsp)->data; temp = *fccsp; *fccsp = (*fccsp)->next; @@ -1492,48 +1264,35 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data) k5_cc_mutex_assert_unlocked(context, &data->lock); free(data->filename); zap(data->buf, sizeof(data->buf)); - if (data->file >= 0) { + if (data->fd >= 0) { k5_cc_mutex_lock(context, &data->lock); - krb5_fcc_close_file(context, data); + close_cache_file(context, data); k5_cc_mutex_unlock(context, &data->lock); } k5_cc_mutex_destroy(&data->lock); free(data); - } else + } else { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); + } return 0; } -/* - * Modifies: - * id - * - * Effects: - * Closes the file cache, invalidates the id, and frees any resources - * associated with the cache. - */ +/* Release the ccache handle. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_close(krb5_context context, krb5_ccache id) +fcc_close(krb5_context context, krb5_ccache id) { - dereference(context, (krb5_fcc_data *) id->data); + dereference(context, id->data); free(id); - return KRB5_OK; + return 0; } -/* - * Effects: - * Destroys the contents of id. - * - * Errors: - * system errors - */ +/* Destroy the cache file and release the handle. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_destroy(krb5_context context, krb5_ccache id) +fcc_destroy(krb5_context context, krb5_ccache id) { - krb5_error_code kret = 0; - krb5_fcc_data *data = (krb5_fcc_data *) id->data; - register int ret; - + krb5_error_code ret = 0; + fcc_data *data = id->data; + int st, fd; struct stat buf; unsigned long i, size; unsigned int wlen; @@ -1543,106 +1302,107 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id) if (OPENCLOSE(id)) { invalidate_cache(data); - ret = THREEPARAMOPEN(data->filename, - O_RDWR | O_BINARY, 0); - if (ret < 0) { - kret = krb5_fcc_interpret(context, errno); + fd = THREEPARAMOPEN(data->filename, O_RDWR | O_BINARY, 0); + if (fd < 0) { + ret = interpret_errno(context, errno); goto cleanup; } - set_cloexec_fd(ret); - data->file = ret; + set_cloexec_fd(fd); + data->fd = fd; + } else { + fcc_lseek(data, 0, SEEK_SET); } - else - fcc_lseek(data, (off_t) 0, SEEK_SET); #ifdef MSDOS_FILESYSTEM -/* "disgusting bit of UNIX trivia" - that's how the writers of NFS describe -** the ability of UNIX to still write to a file which has been unlinked. -** Naturally, the PC can't do this. As a result, we have to delete the file -** after we wipe it clean but that throws off all the error handling code. -** So we have do the work ourselves. -*/ - ret = fstat(data->file, &buf); - if (ret == -1) { - kret = krb5_fcc_interpret(context, errno); - size = 0; /* Nothing to wipe clean */ - } else - size = (unsigned long) buf.st_size; + /* + * "Disgusting bit of UNIX trivia" - that's how the writers of NFS describe + * the ability of UNIX to still write to a file which has been unlinked. + * Naturally, the PC can't do this. As a result, we have to delete the + * file after we wipe it clean, but that throws off all the error handling + * code. So we have do the work ourselves. + */ + st = fstat(data->fd, &buf); + if (st == -1) { + ret = interpret_errno(context, errno); + size = 0; /* Nothing to wipe clean */ + } else { + size = (unsigned long)buf.st_size; + } memset(zeros, 0, BUFSIZ); while (size > 0) { - wlen = (int) ((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */ - i = write(data->file, zeros, wlen); + wlen = (int)((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */ + i = write(data->fd, zeros, wlen); if (i < 0) { - kret = krb5_fcc_interpret(context, errno); + ret = interpret_errno(context, errno); /* Don't jump to cleanup--we still want to delete the file. */ break; } - size -= i; /* We've read this much */ + size -= i; } if (OPENCLOSE(id)) { - (void) close(((krb5_fcc_data *)id->data)->file); - data->file = -1; + (void)close(((fcc_data *)id->data)->fd); + data->fd = -1; } - ret = unlink(data->filename); - if (ret < 0) { - kret = krb5_fcc_interpret(context, errno); + st = unlink(data->filename); + if (st < 0) { + ret = interpret_errno(context, errno); goto cleanup; } #else /* MSDOS_FILESYSTEM */ - ret = unlink(data->filename); - if (ret < 0) { - kret = krb5_fcc_interpret(context, errno); + st = unlink(data->filename); + if (st < 0) { + ret = interpret_errno(context, errno); if (OPENCLOSE(id)) { - (void) close(((krb5_fcc_data *)id->data)->file); - data->file = -1; - kret = ret; + (void)close(data->fd); + data->fd = -1; } goto cleanup; } - ret = fstat(data->file, &buf); - if (ret < 0) { - kret = krb5_fcc_interpret(context, errno); + st = fstat(data->fd, &buf); + if (st < 0) { + ret = interpret_errno(context, errno); if (OPENCLOSE(id)) { - (void) close(((krb5_fcc_data *)id->data)->file); - data->file = -1; + (void)close(data->fd); + data->fd = -1; } goto cleanup; } /* XXX This may not be legal XXX */ - size = (unsigned long) buf.st_size; + size = (unsigned long)buf.st_size; memset(zeros, 0, BUFSIZ); - for (i=0; i < size / BUFSIZ; i++) - if (write(data->file, zeros, BUFSIZ) < 0) { - kret = krb5_fcc_interpret(context, errno); + for (i = 0; i < size / BUFSIZ; i++) { + if (write(data->fd, zeros, BUFSIZ) < 0) { + ret = interpret_errno(context, errno); if (OPENCLOSE(id)) { - (void) close(((krb5_fcc_data *)id->data)->file); - data->file = -1; + (void)close(data->fd); + data->fd = -1; } goto cleanup; } + } - wlen = (unsigned int) (size % BUFSIZ); - if (write(data->file, zeros, wlen) < 0) { - kret = krb5_fcc_interpret(context, errno); + wlen = size % BUFSIZ; + if (write(data->fd, zeros, wlen) < 0) { + ret = interpret_errno(context, errno); if (OPENCLOSE(id)) { - (void) close(((krb5_fcc_data *)id->data)->file); - data->file = -1; + (void)close(data->fd); + data->fd = -1; } goto cleanup; } - ret = close(data->file); - data->file = -1; + st = close(data->fd); + data->fd = -1; - if (ret) - kret = krb5_fcc_interpret(context, errno); + if (st) + ret = interpret_errno(context, errno); #endif /* MSDOS_FILESYSTEM */ @@ -1651,37 +1411,19 @@ cleanup: dereference(context, data); free(id); - krb5_change_cache (); - return kret; + krb5_change_cache(); + return ret; } extern const krb5_cc_ops krb5_fcc_ops; -/* - * Requires: - * residual is a legal path name, and a null-terminated string - * - * Modifies: - * id - * - * Effects: - * creates a file-based cred cache that will reside in the file - * residual. The cache is not opened, but the filename is reserved. - * - * Returns: - * A filled in krb5_ccache structure "id". - * - * Errors: - * KRB5_CC_NOMEM - there was insufficient memory to allocate the - * krb5_ccache. id is undefined. - * permission errors - */ +/* Create a file ccache handle for the pathname given by residual. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) +fcc_resolve(krb5_context context, krb5_ccache *id, const char *residual) { krb5_ccache lid; - krb5_error_code kret; - krb5_fcc_data *data; + krb5_error_code ret; + fcc_data *data; struct fcc_set *setptr; k5_cc_mutex_lock(context, &krb5int_cc_file_mutex); @@ -1697,7 +1439,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) k5_cc_mutex_lock(context, &data->lock); k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); } else { - data = malloc(sizeof(krb5_fcc_data)); + data = malloc(sizeof(fcc_data)); if (data == NULL) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); return KRB5_CC_NOMEM; @@ -1708,18 +1450,18 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) free(data); return KRB5_CC_NOMEM; } - kret = k5_cc_mutex_init(&data->lock); - if (kret) { + ret = k5_cc_mutex_init(&data->lock); + if (ret) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); free(data->filename); free(data); - return kret; + return ret; } k5_cc_mutex_lock(context, &data->lock); /* data->version,mode filled in for real later */ data->version = data->mode = 0; data->flags = KRB5_TC_OPENCLOSE; - data->file = -1; + data->fd = -1; data->valid_bytes = 0; setptr = malloc(sizeof(struct fcc_set)); if (setptr == NULL) { @@ -1739,7 +1481,7 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) k5_cc_mutex_assert_locked(context, &data->lock); k5_cc_mutex_unlock(context, &data->lock); - lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); + lid = malloc(sizeof(struct _krb5_ccache)); if (lid == NULL) { dereference(context, data); return KRB5_CC_NOMEM; @@ -1749,173 +1491,118 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) lid->data = data; lid->magic = KV5M_CCACHE; - /* other routines will get errors on open, and callers must expect them, - if cache is non-existent/unusable */ + /* Other routines will get errors on open, and callers must expect them, if + * cache is non-existent/unusable. */ *id = lid; - return KRB5_OK; + return 0; } -/* - * Effects: - * Prepares for a sequential search of the credentials cache. - * Returns and krb5_cc_cursor to be used with krb5_fcc_next_cred and - * krb5_fcc_end_seq_get. - * - * If the cache is modified between the time of this call and the time - * of the final krb5_fcc_end_seq_get, the results are undefined. - * - * Errors: - * KRB5_CC_NOMEM - * system errors - */ +/* Prepare for a sequential iteration over the cache file. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_start_seq_get(krb5_context context, krb5_ccache id, - krb5_cc_cursor *cursor) +fcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { krb5_fcc_cursor *fcursor; - krb5_error_code kret = KRB5_OK; - krb5_fcc_data *data = (krb5_fcc_data *)id->data; + krb5_error_code ret; + fcc_data *data = id->data; k5_cc_mutex_lock(context, &data->lock); - fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor)); + fcursor = malloc(sizeof(krb5_fcc_cursor)); if (fcursor == NULL) { k5_cc_mutex_unlock(context, &data->lock); return KRB5_CC_NOMEM; } if (OPENCLOSE(id)) { - kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY); - if (kret) { + ret = open_cache_file(context, id, FCC_OPEN_RDONLY); + if (ret) { free(fcursor); k5_cc_mutex_unlock(context, &data->lock); - return kret; + return ret; } } /* Make sure we start reading right after the primary principal */ - kret = krb5_fcc_skip_header(context, id); - if (kret) { + ret = skip_header(context, id); + if (ret) { free(fcursor); goto done; } - kret = krb5_fcc_skip_principal(context, id); - if (kret) { + ret = skip_principal(context, id); + if (ret) { free(fcursor); goto done; } - fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR); - *cursor = (krb5_cc_cursor) fcursor; + fcursor->pos = fcc_lseek(data, 0, SEEK_CUR); + *cursor = (krb5_cc_cursor)fcursor; done: - MAYBE_CLOSE(context, id, kret); + MAYBE_CLOSE(context, id, ret); k5_cc_mutex_unlock(context, &data->lock); - return kret; + return ret; } - -/* - * Requires: - * cursor is a krb5_cc_cursor originally obtained from - * krb5_fcc_start_seq_get. - * - * Modifes: - * cursor, creds - * - * Effects: - * Fills in creds with the "next" credentals structure from the cache - * id. The actual order the creds are returned in is arbitrary. - * Space is allocated for the variable length fields in the - * credentials structure, so the object returned must be passed to - * krb5_destroy_credential. - * - * The cursor is updated for the next call to krb5_fcc_next_cred. - * - * Errors: - * system errors - */ +/* Get the next credential from the cache file. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, - krb5_creds *creds) +fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, + krb5_creds *creds) { -#define TCHECK(ret) if (ret != KRB5_OK) goto lose; - krb5_error_code kret; - krb5_fcc_cursor *fcursor; - krb5_int32 int32; - krb5_octet octet; - krb5_fcc_data *d = (krb5_fcc_data *) id->data; - - k5_cc_mutex_lock(context, &d->lock); +#define TCHECK(ret) if (ret) goto lose; + krb5_error_code ret; + krb5_fcc_cursor *fcursor = *cursor; + int32_t int32; + unsigned char octet; + fcc_data *data = id->data; memset(creds, 0, sizeof(*creds)); + k5_cc_mutex_lock(context, &data->lock); MAYBE_OPEN(context, id, FCC_OPEN_RDONLY); - fcursor = (krb5_fcc_cursor *) *cursor; - kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1); - if (kret) { - kret = krb5_fcc_interpret(context, errno); - MAYBE_CLOSE(context, id, kret); - k5_cc_mutex_unlock(context, &d->lock); - return kret; + if (fcc_lseek(data, fcursor->pos, SEEK_SET) == -1) { + ret = interpret_errno(context, errno); + goto lose; } - kret = krb5_fcc_read_principal(context, id, &creds->client); - TCHECK(kret); - kret = krb5_fcc_read_principal(context, id, &creds->server); - TCHECK(kret); - kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock); - TCHECK(kret); - kret = krb5_fcc_read_times(context, id, &creds->times); - TCHECK(kret); - kret = krb5_fcc_read_octet(context, id, &octet); - TCHECK(kret); + ret = read_principal(context, id, &creds->client); + TCHECK(ret); + ret = read_principal(context, id, &creds->server); + TCHECK(ret); + ret = read_keyblock(context, id, &creds->keyblock); + TCHECK(ret); + ret = read_times(context, id, &creds->times); + TCHECK(ret); + ret = read_octet(context, id, &octet); + TCHECK(ret); creds->is_skey = octet; - kret = krb5_fcc_read_int32(context, id, &int32); - TCHECK(kret); + ret = read32(context, id, &int32); + TCHECK(ret); creds->ticket_flags = int32; - kret = krb5_fcc_read_addrs(context, id, &creds->addresses); - TCHECK(kret); - kret = krb5_fcc_read_authdata(context, id, &creds->authdata); - TCHECK(kret); - kret = krb5_fcc_read_data(context, id, &creds->ticket); - TCHECK(kret); - kret = krb5_fcc_read_data(context, id, &creds->second_ticket); - TCHECK(kret); + ret = read_addrs(context, id, &creds->addresses); + TCHECK(ret); + ret = read_authdata(context, id, &creds->authdata); + TCHECK(ret); + ret = read_data(context, id, &creds->ticket); + TCHECK(ret); + ret = read_data(context, id, &creds->second_ticket); + TCHECK(ret); - fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR); + fcursor->pos = fcc_lseek(data, 0, SEEK_CUR); lose: - MAYBE_CLOSE (context, id, kret); - k5_cc_mutex_unlock(context, &d->lock); - if (kret != KRB5_OK) + MAYBE_CLOSE(context, id, ret); + k5_cc_mutex_unlock(context, &data->lock); + if (ret) krb5_free_cred_contents(context, creds); - return kret; + return ret; } -/* - * Requires: - * cursor is a krb5_cc_cursor originally obtained from - * krb5_fcc_start_seq_get. - * - * Modifies: - * id, cursor - * - * Effects: - * Finishes sequential processing of the file credentials ccache id, - * and invalidates the cursor (it must never be used after this call). - */ -/* ARGSUSED */ +/* Release an iteration cursor. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) +fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - /* We don't do anything with the file cache itself, so - no need to lock anything. */ - - /* don't close; it may be left open by the caller, - and if not, fcc_start_seq_get and/or fcc_next_cred will do the - MAYBE_CLOSE. - MAYBE_CLOSE(context, id, kret); */ - free((krb5_fcc_cursor *) *cursor); + /* We don't do anything with the file cache itself, so no need to lock + * anything. */ + free(*cursor); return 0; } @@ -1925,29 +1612,29 @@ krb5_error_code krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) { krb5_ccache lid; - int ret; - krb5_error_code kret = 0; - krb5_fcc_data *data; - krb5_int16 fcc_fvno = htons(context->fcc_default_format); - krb5_int16 fcc_flen = 0; + int fd; + krb5_error_code ret; + fcc_data *data; + char fcc_fvno[2]; + int16_t fcc_flen = 0; int errsave, cnt; struct fcc_set *setptr; /* Set master lock */ k5_cc_mutex_lock(context, &krb5int_cc_file_mutex); - ret = mkstemp(template); - if (ret == -1) { + fd = mkstemp(template); + if (fd == -1) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); - return krb5_fcc_interpret(context, errno); + return interpret_errno(context, errno); } - set_cloexec_fd(ret); + set_cloexec_fd(fd); /* Allocate memory */ - data = (krb5_pointer) malloc(sizeof(krb5_fcc_data)); + data = malloc(sizeof(fcc_data)); if (data == NULL) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); - close(ret); + close(fd); unlink(template); return KRB5_CC_NOMEM; } @@ -1956,19 +1643,19 @@ krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) if (data->filename == NULL) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); free(data); - close(ret); + close(fd); unlink(template); return KRB5_CC_NOMEM; } - kret = k5_cc_mutex_init(&data->lock); - if (kret) { + ret = k5_cc_mutex_init(&data->lock); + if (ret) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); free(data->filename); free(data); - close(ret); + close(fd); unlink(template); - return kret; + return ret; } k5_cc_mutex_lock(context, &data->lock); @@ -1976,47 +1663,46 @@ krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) * The file is initially closed at the end of this call... */ data->flags = 0; - data->file = -1; + data->fd = -1; data->valid_bytes = 0; /* data->version,mode filled in for real later */ data->version = data->mode = 0; - /* Ignore user's umask, set mode = 0600 */ #ifndef HAVE_FCHMOD #ifdef HAVE_CHMOD chmod(data->filename, S_IRUSR | S_IWUSR); #endif #else - fchmod(ret, S_IRUSR | S_IWUSR); + fchmod(fd, S_IRUSR | S_IWUSR); #endif - if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno))) - != sizeof(fcc_fvno)) { + store_16_be(context->fcc_default_format, fcc_fvno); + cnt = write(fd, &fcc_fvno, 2); + if (cnt != 2) { errsave = errno; - (void) close(ret); - (void) unlink(data->filename); - kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; + (void)close(fd); + (void)unlink(data->filename); + ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO; goto err_out; } /* For version 4 we save a length for the rest of the header */ - if (context->fcc_default_format == KRB5_FCC_FVNO_4) { - if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen))) - != sizeof(fcc_flen)) { + if (context->fcc_default_format == FVNO_4) { + cnt = write(fd, &fcc_flen, sizeof(fcc_flen)); + if (cnt != sizeof(fcc_flen)) { errsave = errno; - (void) close(ret); - (void) unlink(data->filename); - kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; + (void)close(fd); + (void)unlink(data->filename); + ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO; goto err_out; } } - if (close(ret) == -1) { + if (close(fd) == -1) { errsave = errno; - (void) unlink(data->filename); - kret = krb5_fcc_interpret(context, errsave); + (void)unlink(data->filename); + ret = interpret_errno(context, errsave); goto err_out; } - setptr = malloc(sizeof(struct fcc_set)); if (setptr == NULL) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); @@ -2024,7 +1710,7 @@ krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) k5_cc_mutex_destroy(&data->lock); free(data->filename); free(data); - (void) unlink(template); + (void)unlink(template); return KRB5_CC_NOMEM; } setptr->refcount = 1; @@ -2035,7 +1721,7 @@ krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) k5_cc_mutex_assert_locked(context, &data->lock); k5_cc_mutex_unlock(context, &data->lock); - lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); + lid = malloc(sizeof(*lid)); if (lid == NULL) { dereference(context, data); return KRB5_CC_NOMEM; @@ -2045,15 +1731,13 @@ krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id) lid->data = data; lid->magic = KV5M_CCACHE; - /* default to open/close on every trn - otherwise destroy - will get as to state confused */ - ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE; + /* Default to open/close on every call. */ + data->flags = KRB5_TC_OPENCLOSE; *id = lid; - - krb5_change_cache (); - return KRB5_OK; + krb5_change_cache(); + return 0; err_out: k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); @@ -2061,220 +1745,159 @@ err_out: k5_cc_mutex_destroy(&data->lock); free(data->filename); free(data); - return kret; + return ret; } /* - * Effects: - * Creates a new file cred cache whose name is guaranteed to be - * unique. The name begins with the string TKT_ROOT (from fcc.h). - * The cache is not opened, but the new filename is reserved. - * - * Returns: - * The filled in krb5_ccache id. - * - * Errors: - * KRB5_CC_NOMEM - there was insufficient memory to allocate the - * krb5_ccache. id is undefined. - * system errors (from open) + * Create a new file cred cache whose name is guaranteed to be unique. The + * name begins with the string TKT_ROOT (from fcc.h). The cache file is not + * opened, but the new filename is reserved. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) +fcc_generate_new(krb5_context context, krb5_ccache *id) { - char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for - NUL */ + char scratch[sizeof(TKT_ROOT) + 7]; /* Room for XXXXXX and terminator */ - (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT); + (void)snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT); return krb5int_fcc_new_unique(context, scratch, id); } -/* - * Requires: - * id is a file credential cache - * - * Returns: - * The name of the file cred cache id. - */ +/* Return an alias to the pathname of the cache file. */ static const char * KRB5_CALLCONV -krb5_fcc_get_name (krb5_context context, krb5_ccache id) +fcc_get_name(krb5_context context, krb5_ccache id) { - return (char *) ((krb5_fcc_data *) id->data)->filename; + return ((fcc_data *)id->data)->filename; } -/* - * Modifies: - * id, princ - * - * Effects: - * Retrieves the primary principal from id, as set with - * krb5_fcc_initialize. The principal is returned is allocated - * storage that must be freed by the caller via krb5_free_principal. - * - * Errors: - * system errors - * KRB5_CC_NOMEM - */ +/* Retrieve a copy of the default principal, if the cache is initialized. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) +fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) { - krb5_error_code kret = KRB5_OK; + krb5_error_code ret; - k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_lock(context, &((fcc_data *)id->data)->lock); MAYBE_OPEN(context, id, FCC_OPEN_RDONLY); /* make sure we're beyond the header */ - kret = krb5_fcc_skip_header(context, id); - if (kret) goto done; - kret = krb5_fcc_read_principal(context, id, princ); + ret = skip_header(context, id); + if (ret) + goto done; + ret = read_principal(context, id, princ); done: - MAYBE_CLOSE(context, id, kret); - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - return kret; + MAYBE_CLOSE(context, id, ret); + k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock); + return ret; } - +/* Search for a credential within the cache file. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds) +fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, + krb5_creds *mcreds, krb5_creds *creds) { return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, creds); } - -/* - * Modifies: - * the file cache - * - * Effects: - * stores creds in the file cred cache - * - * Errors: - * system errors - * storage failure errors - */ +/* Store a credential in the cache file. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds) +fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds) { -#define TCHECK(ret) if (ret != KRB5_OK) goto lose; +#define TCHECK(ret) if (ret) goto lose; krb5_error_code ret; - k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_lock(context, &((fcc_data *)id->data)->lock); /* Make sure we are writing to the end of the file */ MAYBE_OPEN(context, id, FCC_OPEN_RDWR); /* Make sure we are writing to the end of the file */ - ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END); + ret = fcc_lseek(id->data, 0, SEEK_END); if (ret < 0) { - MAYBE_CLOSE_IGNORE(context, id); - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - return krb5_fcc_interpret(context, errno); + if (OPENCLOSE(id)) + (void)close_cache_file(context, id->data); + k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock); + return interpret_errno(context, errno); } - ret = krb5_fcc_store_principal(context, id, creds->client); + ret = store_principal(context, id, creds->client); TCHECK(ret); - ret = krb5_fcc_store_principal(context, id, creds->server); + ret = store_principal(context, id, creds->server); TCHECK(ret); - ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock); + ret = store_keyblock(context, id, &creds->keyblock); TCHECK(ret); - ret = krb5_fcc_store_times(context, id, &creds->times); + ret = store_times(context, id, &creds->times); TCHECK(ret); - ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey); + ret = store_octet(context, id, creds->is_skey); TCHECK(ret); - ret = krb5_fcc_store_int32(context, id, creds->ticket_flags); + ret = store32(context, id, creds->ticket_flags); TCHECK(ret); - ret = krb5_fcc_store_addrs(context, id, creds->addresses); + ret = store_addrs(context, id, creds->addresses); TCHECK(ret); - ret = krb5_fcc_store_authdata(context, id, creds->authdata); + ret = store_authdata(context, id, creds->authdata); TCHECK(ret); - ret = krb5_fcc_store_data(context, id, &creds->ticket); + ret = store_data(context, id, &creds->ticket); TCHECK(ret); - ret = krb5_fcc_store_data(context, id, &creds->second_ticket); + ret = store_data(context, id, &creds->second_ticket); TCHECK(ret); lose: MAYBE_CLOSE(context, id, ret); - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - krb5_change_cache (); + k5_cc_mutex_unlock(context, &((fcc_data *)id->data)->lock); + krb5_change_cache(); return ret; #undef TCHECK } -/* - * Non-functional stub implementation for krb5_fcc_remove - * - * Errors: - * KRB5_CC_NOSUPP - not implemented - */ +/* Non-functional stub for removing a cred from the cache file. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, - krb5_creds *creds) +fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, + krb5_creds *creds) { return KRB5_CC_NOSUPP; } -/* - * Requires: - * id is a cred cache returned by krb5_fcc_resolve or - * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize. - * - * Modifies: - * id - * - * Effects: - * Sets the operational flags of id to flags. - */ +/* Set flags for the ccache. Open the cache file if KRB5_TC_OPENCLOSE is + * turned off, or close it if it is turned on. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) +fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { - krb5_error_code ret = KRB5_OK; + fcc_data *data = id->data; - k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock); + k5_cc_mutex_lock(context, &data->lock); - /* XXX This should check for illegal combinations, if any.. */ if (flags & KRB5_TC_OPENCLOSE) { - /* asking to turn on OPENCLOSE mode */ - if (!OPENCLOSE(id) - /* XXX Is this test necessary? */ - && ((krb5_fcc_data *) id->data)->file != NO_FILE) - (void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data)); + /* Asking to turn on OPENCLOSE mode. */ + if (!OPENCLOSE(id)) + (void)close_cache_file(context, data); } else { - /* asking to turn off OPENCLOSE mode, meaning it must be - left open. We open if it's not yet open */ + /* Asking to turn off OPENCLOSE mode, meaning it must be + * left open. We open if it's not yet open. */ MAYBE_OPEN(context, id, FCC_OPEN_RDONLY); } - ((krb5_fcc_data *) id->data)->flags = flags; - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); - return ret; + data->flags = flags; + k5_cc_mutex_unlock(context, &data->lock); + return 0; } -/* - * Requires: - * id is a cred cache returned by krb5_fcc_resolve or - * krb5_fcc_generate_new, but has not been opened by krb5_fcc_initialize. - * - * Modifies: - * id (mutex only; temporary) - * - * Effects: - * Returns the operational flags of id. - */ +/* Get the current flags for the cache. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags) +fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags) { - k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock); - *flags = ((krb5_fcc_data *) id->data)->flags; - k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock); + fcc_data *data = id->data; + + k5_cc_mutex_lock(context, &data->lock); + *flags = data->flags; + k5_cc_mutex_unlock(context, &data->lock); return 0; } +/* Prepare to iterate over the caches in the per-type collection. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor) +fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor) { - krb5_error_code ret = 0; krb5_cc_ptcursor n = NULL; struct krb5_fcc_ptcursor_data *cdata = NULL; @@ -2292,12 +1915,14 @@ krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor) cdata->first = TRUE; n->data = cdata; *cursor = n; - return ret; + return 0; } +/* Get the next cache in the per-type collection. The FILE per-type collection + * contains only the context's default cache if it is a file cache. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, - krb5_ccache *cache_out) +fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, + krb5_ccache *cache_out) { krb5_error_code ret; struct krb5_fcc_ptcursor_data *cdata = cursor->data; @@ -2333,9 +1958,9 @@ krb5_fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, return 0; } +/* Release a per-type collection iteration cursor. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_ptcursor_free(krb5_context context, - krb5_cc_ptcursor *cursor) +fcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor) { if (*cursor == NULL) return 0; @@ -2345,93 +1970,76 @@ krb5_fcc_ptcursor_free(krb5_context context, return 0; } -/* - * Modifies: - * change_time - * - * Effects: - * Returns the timestamp of id's file modification date. - * If an error occurs, change_time is set to 0. - */ +/* Get the cache file's last modification time. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_last_change_time(krb5_context context, krb5_ccache id, - krb5_timestamp *change_time) +fcc_last_change_time(krb5_context context, krb5_ccache id, + krb5_timestamp *change_time) { - krb5_error_code kret = KRB5_OK; - krb5_fcc_data *data = (krb5_fcc_data *) id->data; + krb5_error_code ret = 0; + fcc_data *data = id->data; + struct stat buf; + + *change_time = 0; - kret = krb5_fcc_data_last_change_time(context, data, change_time); + k5_cc_mutex_lock(context, &data->lock); - return kret; + if (stat(data->filename, &buf) == -1) + ret = interpret_errno(context, errno); + else + *change_time = (krb5_timestamp)buf.st_mtime; + + k5_cc_mutex_unlock(context, &data->lock); + + return ret; } +/* Lock the cache handle against other threads. (This does not lock the cache + * file against other processes.) */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_lock(krb5_context context, krb5_ccache id) +fcc_lock(krb5_context context, krb5_ccache id) { - krb5_fcc_data *data = (krb5_fcc_data *) id->data; + fcc_data *data = id->data; k5_cc_mutex_lock(context, &data->lock); return 0; } +/* Unlock the cache handle. */ static krb5_error_code KRB5_CALLCONV -krb5_fcc_unlock(krb5_context context, krb5_ccache id) +fcc_unlock(krb5_context context, krb5_ccache id) { - krb5_fcc_data *data = (krb5_fcc_data *) id->data; + fcc_data *data = id->data; k5_cc_mutex_unlock(context, &data->lock); return 0; } +/* Translate a system errno value to a Kerberos com_err code. */ static krb5_error_code -krb5_fcc_data_last_change_time(krb5_context context, krb5_fcc_data *data, - krb5_timestamp *change_time) +interpret_errno(krb5_context context, int errnum) { - krb5_error_code kret = KRB5_OK; - register int ret; - - struct stat buf; - - *change_time = 0; - - k5_cc_mutex_lock(context, &data->lock); - - ret = stat(data->filename, &buf); - if (ret == -1) { - kret = krb5_fcc_interpret(context, errno); - } else { - *change_time = (krb5_timestamp) buf.st_mtime; - } - - k5_cc_mutex_unlock(context, &data->lock); - - return kret; -} + krb5_error_code ret; -static krb5_error_code -krb5_fcc_interpret(krb5_context context, int errnum) -{ - register krb5_error_code retval; switch (errnum) { case ENOENT: - retval = KRB5_FCC_NOFILE; + ret = KRB5_FCC_NOFILE; break; case EPERM: case EACCES: #ifdef EISDIR - case EISDIR: /* Mac doesn't have EISDIR */ + case EISDIR: /* Mac doesn't have EISDIR */ #endif case ENOTDIR: #ifdef ELOOP - case ELOOP: /* Bad symlink is like no file. */ + case ELOOP: /* Bad symlink is like no file. */ #endif #ifdef ETXTBSY case ETXTBSY: #endif case EBUSY: case EROFS: - retval = KRB5_FCC_PERM; + ret = KRB5_FCC_PERM; break; case EINVAL: - case EEXIST: /* XXX */ + case EEXIST: case EFAULT: case EBADF: #ifdef ENAMETOOLONG @@ -2440,7 +2048,7 @@ krb5_fcc_interpret(krb5_context context, int errnum) #ifdef EWOULDBLOCK case EWOULDBLOCK: #endif - retval = KRB5_FCC_INTERNAL; + ret = KRB5_FCC_INTERNAL; break; #ifdef EDQUOT case EDQUOT: @@ -2451,40 +2059,40 @@ krb5_fcc_interpret(krb5_context context, int errnum) case EMFILE: case ENXIO: default: - retval = KRB5_CC_IO; /* XXX */ - krb5_set_error_message(context, retval, + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, _("Credentials cache I/O operation failed " "(%s)"), strerror(errnum)); } - return retval; + return ret; } const krb5_cc_ops krb5_fcc_ops = { 0, "FILE", - krb5_fcc_get_name, - krb5_fcc_resolve, - krb5_fcc_generate_new, - krb5_fcc_initialize, - krb5_fcc_destroy, - krb5_fcc_close, - krb5_fcc_store, - krb5_fcc_retrieve, - krb5_fcc_get_principal, - krb5_fcc_start_seq_get, - krb5_fcc_next_cred, - krb5_fcc_end_seq_get, - krb5_fcc_remove_cred, - krb5_fcc_set_flags, - krb5_fcc_get_flags, - krb5_fcc_ptcursor_new, - krb5_fcc_ptcursor_next, - krb5_fcc_ptcursor_free, + fcc_get_name, + fcc_resolve, + fcc_generate_new, + fcc_initialize, + fcc_destroy, + fcc_close, + fcc_store, + fcc_retrieve, + fcc_get_principal, + fcc_start_seq_get, + fcc_next_cred, + fcc_end_seq_get, + fcc_remove_cred, + fcc_set_flags, + fcc_get_flags, + fcc_ptcursor_new, + fcc_ptcursor_next, + fcc_ptcursor_free, NULL, /* move */ - krb5_fcc_last_change_time, + fcc_last_change_time, NULL, /* wasdefault */ - krb5_fcc_lock, - krb5_fcc_unlock, + fcc_lock, + fcc_unlock, NULL, /* switch_to */ }; @@ -2498,15 +2106,15 @@ const krb5_cc_ops krb5_fcc_ops = { */ krb5_error_code -krb5_change_cache (void) { - +krb5_change_cache(void) +{ PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0); - return 0; } unsigned int KRB5_CALLCONV -krb5_get_notification_message (void) { +krb5_get_notification_message(void) +{ static unsigned int message = 0; if (message == 0) @@ -2517,12 +2125,13 @@ krb5_get_notification_message (void) { #else /* _WIN32 */ krb5_error_code -krb5_change_cache (void) +krb5_change_cache(void) { return 0; } + unsigned int -krb5_get_notification_message (void) +krb5_get_notification_message(void) { return 0; } @@ -2532,28 +2141,28 @@ krb5_get_notification_message (void) const krb5_cc_ops krb5_cc_file_ops = { 0, "FILE", - krb5_fcc_get_name, - krb5_fcc_resolve, - krb5_fcc_generate_new, - krb5_fcc_initialize, - krb5_fcc_destroy, - krb5_fcc_close, - krb5_fcc_store, - krb5_fcc_retrieve, - krb5_fcc_get_principal, - krb5_fcc_start_seq_get, - krb5_fcc_next_cred, - krb5_fcc_end_seq_get, - krb5_fcc_remove_cred, - krb5_fcc_set_flags, - krb5_fcc_get_flags, - krb5_fcc_ptcursor_new, - krb5_fcc_ptcursor_next, - krb5_fcc_ptcursor_free, + fcc_get_name, + fcc_resolve, + fcc_generate_new, + fcc_initialize, + fcc_destroy, + fcc_close, + fcc_store, + fcc_retrieve, + fcc_get_principal, + fcc_start_seq_get, + fcc_next_cred, + fcc_end_seq_get, + fcc_remove_cred, + fcc_set_flags, + fcc_get_flags, + fcc_ptcursor_new, + fcc_ptcursor_next, + fcc_ptcursor_free, NULL, /* move */ - krb5_fcc_last_change_time, + fcc_last_change_time, NULL, /* wasdefault */ - krb5_fcc_lock, - krb5_fcc_unlock, + fcc_lock, + fcc_unlock, NULL, /* switch_to */ }; diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index 27bad9d8a..a20258160 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -208,23 +208,21 @@ debug_print(char *fmt, ...) #define KRCC_USER_ANCHOR "user" #define KRCC_LEGACY_ANCHOR "legacy" -#define KRB5_OK 0 - /* Hopefully big enough to hold a serialized credential */ #define MAX_CRED_SIZE (1024*1024) -#define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest -#define CHECK(ret) if (ret != KRB5_OK) goto errout -#define CHECK_OUT(ret) if (ret != KRB5_OK) return ret +#define CHECK_N_GO(ret, errdest) if (ret) goto errdest +#define CHECK(ret) if (ret) goto errout +#define CHECK_OUT(ret) if (ret) return ret -typedef struct _krb5_krcc_cursor +typedef struct _krcc_cursor { - int numkeys; - int currkey; + int numkeys; + int currkey; key_serial_t princ_id; key_serial_t offsets_id; key_serial_t *keys; -} *krb5_krcc_cursor; +} *krcc_cursor; /* * This represents a credentials cache "file" @@ -232,202 +230,139 @@ typedef struct _krb5_krcc_cursor * this credentials cache "file". Each key * in the keyring contains a separate key. */ -typedef struct _krb5_krcc_data +typedef struct _krcc_data { - char *name; /* Name for this credentials cache */ + char *name; /* Name for this credentials cache */ k5_cc_mutex lock; /* synchronization */ key_serial_t collection_id; /* collection containing this cache keyring */ key_serial_t cache_id; /* keyring representing ccache */ key_serial_t princ_id; /* key holding principal info */ krb5_timestamp changetime; krb5_boolean is_legacy_type; -} krb5_krcc_data; +} krcc_data; /* Passed internally to assure we don't go past the bounds of our buffer */ -typedef struct _krb5_krcc_buffer_cursor +typedef struct _krcc_buffer_cursor { char *bpp; char *endp; size_t size; /* For dry-run length calculation */ -} krb5_krcc_bc; +} krcc_bc; /* Global mutex */ k5_cc_mutex krb5int_krcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER; -/* - * Internal functions (exported via the krb5_krcc_ops) - */ - extern const krb5_cc_ops krb5_krcc_ops; -static const char *KRB5_CALLCONV krb5_krcc_get_name -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_resolve -(krb5_context, krb5_ccache * id, const char *residual); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_generate_new -(krb5_context, krb5_ccache * id); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_initialize -(krb5_context, krb5_ccache id, krb5_principal princ); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_destroy -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_close -(krb5_context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_store -(krb5_context, krb5_ccache id, krb5_creds * creds); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_retrieve -(krb5_context, krb5_ccache id, krb5_flags whichfields, - krb5_creds * mcreds, krb5_creds * creds); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_get_principal -(krb5_context, krb5_ccache id, krb5_principal * princ); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_start_seq_get -(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_next_cred -(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor, - krb5_creds * creds); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_end_seq_get -(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_remove_cred -(krb5_context context, krb5_ccache cache, krb5_flags flags, - krb5_creds * creds); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_set_flags -(krb5_context, krb5_ccache id, krb5_flags flags); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_get_flags -(krb5_context context, krb5_ccache id, krb5_flags * flags); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_last_change_time -(krb5_context, krb5_ccache, krb5_timestamp *); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_lock -(krb5_context context, krb5_ccache id); - -static krb5_error_code KRB5_CALLCONV krb5_krcc_unlock -(krb5_context context, krb5_ccache id); +static const char *KRB5_CALLCONV +krcc_get_name(krb5_context context, krb5_ccache id); -static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_new -(krb5_context context, krb5_cc_ptcursor *cursor_out); +static krb5_error_code KRB5_CALLCONV +krcc_start_seq_get(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor); -static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_next -(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *cache_out); +static krb5_error_code KRB5_CALLCONV +krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, + krb5_creds *creds); -static krb5_error_code KRB5_CALLCONV krb5_krcc_ptcursor_free -(krb5_context context, krb5_cc_ptcursor *cursor); +static krb5_error_code KRB5_CALLCONV +krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor); -static krb5_error_code KRB5_CALLCONV krb5_krcc_switch_to -(krb5_context context, krb5_ccache cache); +static krb5_error_code KRB5_CALLCONV +krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor); -/* - * Internal utility functions - */ +static krb5_error_code clear_cache_keyring(krb5_context context, + krb5_ccache id); -static krb5_error_code krb5_krcc_clearcache -(krb5_context context, krb5_ccache id); +static krb5_error_code make_krcc_data(const char *anchor_name, + const char *collection_name, + const char *subsidiary_name, + key_serial_t cache_id, key_serial_t + collection_id, krcc_data **datapp); -static krb5_error_code krb5_krcc_new_data -(const char *anchor_name, const char *collection_name, - const char *subsidiary_name, key_serial_t cache_id, - key_serial_t collection_id, krb5_krcc_data **datapp); +static krb5_error_code save_principal(krb5_context context, krb5_ccache id, + krb5_principal princ); -static krb5_error_code krb5_krcc_save_principal -(krb5_context context, krb5_ccache id, krb5_principal princ); +static krb5_error_code save_time_offsets(krb5_context context, krb5_ccache id, + int32_t time_offset, + int32_t usec_offset); -static krb5_error_code krb5_krcc_retrieve_principal -(krb5_context context, krb5_ccache id, krb5_principal * princ); -static krb5_error_code krb5_krcc_save_time_offsets -(krb5_context context, krb5_ccache id, krb5_int32 time_offset, - krb5_int32 usec_offset); -static krb5_error_code krb5_krcc_get_time_offsets -(krb5_context context, krb5_ccache id, krb5_int32 *time_offset, - krb5_int32 *usec_offset); +static krb5_error_code get_time_offsets(krb5_context context, krb5_ccache id, + int32_t *time_offset, + int32_t *usec_offset); /* Routines to parse a key from a keyring into a cred structure */ -static krb5_error_code krb5_krcc_parse -(krb5_context, krb5_pointer buf, unsigned int len, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_cred -(krb5_context context, krb5_creds * creds, char *payload, int psize); -static krb5_error_code krb5_krcc_parse_principal -(krb5_context context, krb5_principal * princ, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_keyblock -(krb5_context context, krb5_keyblock * keyblock, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_times -(krb5_context context, krb5_ticket_times * t, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_krb5data -(krb5_context context, krb5_data * data, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_int32 -(krb5_context context, krb5_int32 * i, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_octet -(krb5_context context, krb5_octet * octet, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_addrs -(krb5_context context, krb5_address *** a, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_addr -(krb5_context context, krb5_address * a, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_authdata -(krb5_context context, krb5_authdata *** ad, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_authdatum -(krb5_context context, krb5_authdata * ad, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_parse_ui_2 -(krb5_context, krb5_ui_2 * i, krb5_krcc_bc * bc); +static krb5_error_code parse(krb5_context context, void *buf, + unsigned int len, krcc_bc *bc); +static krb5_error_code parse_cred(krb5_context context, krb5_creds *creds, + char *payload, int psize); +static krb5_error_code parse_principal(krb5_context context, + krb5_principal *princ, krcc_bc *bc); +static krb5_error_code parse_keyblock(krb5_context context, + krb5_keyblock *keyblock, krcc_bc *bc); +static krb5_error_code parse_times(krb5_context context, krb5_ticket_times *t, + krcc_bc *bc); +static krb5_error_code parse_krb5data(krb5_context context, krb5_data *data, + krcc_bc *bc); +static krb5_error_code parse_int32(krb5_context context, int32_t *i, + krcc_bc *bc); +static krb5_error_code parse_octet(krb5_context context, krb5_octet *octet, + krcc_bc *bc); +static krb5_error_code parse_addrs(krb5_context context, krb5_address ***a, + krcc_bc *bc); +static krb5_error_code parse_addr(krb5_context context, krb5_address *a, + krcc_bc *bc); +static krb5_error_code parse_authdata(krb5_context context, + krb5_authdata ***ad, krcc_bc *bc); +static krb5_error_code parse_authdatum(krb5_context context, + krb5_authdata *ad, krcc_bc *bc); +static krb5_error_code parse_uint16(krb5_context, uint16_t *i, krcc_bc *bc); /* Routines to unparse a cred structure into keyring key */ -static krb5_error_code krb5_krcc_unparse -(krb5_context, krb5_pointer buf, unsigned int len, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_cred_alloc -(krb5_context context, krb5_creds * creds, - char **datapp, unsigned int *lenptr); -static krb5_error_code krb5_krcc_unparse_cred -(krb5_context context, krb5_creds * creds, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_principal -(krb5_context, krb5_principal princ, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_keyblock -(krb5_context, krb5_keyblock * keyblock, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_times -(krb5_context, krb5_ticket_times * t, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_krb5data -(krb5_context, krb5_data * data, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_int32 -(krb5_context, krb5_int32 i, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_octet -(krb5_context, krb5_int32 i, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_addrs -(krb5_context, krb5_address ** a, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_addr -(krb5_context, krb5_address * a, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_authdata -(krb5_context, krb5_authdata ** ad, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_authdatum -(krb5_context, krb5_authdata * ad, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_ui_4 -(krb5_context, krb5_ui_4 i, krb5_krcc_bc * bc); -static krb5_error_code krb5_krcc_unparse_ui_2 -(krb5_context, krb5_int32 i, krb5_krcc_bc * bc); -static void krb5_krcc_update_change_time -(krb5_krcc_data *); - -static krb5_error_code -krb5_krcc_parse_index(krb5_context context, krb5_int32 *version, - char **primary, void *payload, int psize); -static krb5_error_code -krb5_krcc_unparse_index(krb5_context context, krb5_int32 version, - const char *primary, void **datapp, int *lenptr); -static krb5_error_code -krb5_krcc_parse_offsets(krb5_context context, krb5_int32 *time_offset, - krb5_int32 *usec_offset, void *payload, int psize); -static krb5_error_code -krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset, - krb5_int32 usec_offset, void **datapp, int *lenptr); +static krb5_error_code unparse(krb5_context context, void *buf, + unsigned int len, krcc_bc * bc); +static krb5_error_code unparse_cred_alloc(krb5_context context, + krb5_creds *creds, char **datapp, + unsigned int *lenptr); +static krb5_error_code unparse_cred(krb5_context context, krb5_creds *creds, + krcc_bc *bc); +static krb5_error_code unparse_principal(krb5_context, krb5_principal princ, + krcc_bc *bc); +static krb5_error_code unparse_keyblock(krb5_context, krb5_keyblock *keyblock, + krcc_bc *bc); +static krb5_error_code unparse_times(krb5_context, krb5_ticket_times *t, + krcc_bc *bc); +static krb5_error_code unparse_krb5data(krb5_context, krb5_data *data, + krcc_bc *bc); +static krb5_error_code unparse_int32(krb5_context context, int32_t i, + krcc_bc *bc); +static krb5_error_code unparse_octet(krb5_context context, int32_t i, + krcc_bc *bc); +static krb5_error_code unparse_addrs(krb5_context context, krb5_address **a, + krcc_bc *bc); +static krb5_error_code unparse_addr(krb5_context context, krb5_address *a, + krcc_bc *bc); +static krb5_error_code unparse_authdata(krb5_context context, + krb5_authdata **ad, krcc_bc *bc); +static krb5_error_code unparse_authdatum(krb5_context context, + krb5_authdata *ad, krcc_bc *bc); +static krb5_error_code unparse_uint32(krb5_context context, uint32_t i, + krcc_bc *bc); +static krb5_error_code unparse_uint16(krb5_context, int32_t i, krcc_bc *bc); +static void krcc_update_change_time(krcc_data *d); + +static krb5_error_code parse_index(krb5_context context, int32_t *version, + char **primary, void *payload, int psize); +static krb5_error_code unparse_index(krb5_context context, int32_t version, + const char *primary, void **datapp, + int *lenptr); +static krb5_error_code parse_offsets(krb5_context context, + int32_t *time_offset, + int32_t *usec_offset, void *payload, + int psize); +static krb5_error_code unparse_offsets(krb5_context context, + int32_t time_offset, + int32_t usec_offset, void **datapp, + int *lenptr); /* Note the following is a stub function for Linux */ extern krb5_error_code krb5_change_cache(void); @@ -695,8 +630,8 @@ set_primary_name(krb5_context context, key_serial_t collection_id, void *payload = NULL; int payloadlen; - ret = krb5_krcc_unparse_index(context, KRCC_COLLECTION_VERSION, - subsidiary_name, &payload, &payloadlen); + ret = unparse_index(context, KRCC_COLLECTION_VERSION, subsidiary_name, + &payload, &payloadlen); if (ret) return ret; key = add_key(KRCC_KEY_TYPE_USER, KRCC_COLLECTION_PRIMARY, @@ -719,7 +654,7 @@ get_primary_name(krb5_context context, const char *anchor_name, key_serial_t primary_id, legacy; void *payload = NULL; int payloadlen; - krb5_int32 version; + int32_t version; char *subsidiary_name = NULL; *subsidiary_out = NULL; @@ -756,8 +691,8 @@ get_primary_name(krb5_context context, const char *anchor_name, ret = errno; goto cleanup; } - ret = krb5_krcc_parse_index(context, &version, &subsidiary_name, - payload, payloadlen); + ret = parse_index(context, &version, &subsidiary_name, payload, + payloadlen); if (ret) goto cleanup; @@ -830,7 +765,7 @@ unique_keyring(krb5_context context, key_serial_t collection_id, goto cleanup; } *cache_id_out = key; - ret = KRB5_OK; + ret = 0; cleanup: k5_cc_mutex_unlock(context, &krb5int_krcc_mutex); return ret; @@ -865,7 +800,7 @@ add_cred_key(const char *name, const void *payload, size_t plen, static void update_keyring_expiration(krb5_context context, krb5_ccache id) { - krb5_krcc_data *d = (krb5_krcc_data *)id->data; + krcc_data *data = id->data; krb5_cc_cursor cursor; krb5_creds creds; krb5_timestamp now, endtime = 0; @@ -879,16 +814,16 @@ update_keyring_expiration(krb5_context context, krb5_ccache id) */ /* Find the maximum endtime of all creds in the cache. */ - if (krb5_krcc_start_seq_get(context, id, &cursor) != 0) + if (krcc_start_seq_get(context, id, &cursor) != 0) return; for (;;) { - if (krb5_krcc_next_cred(context, id, &cursor, &creds) != 0) + if (krcc_next_cred(context, id, &cursor, &creds) != 0) break; if (creds.times.endtime > endtime) endtime = creds.times.endtime; krb5_free_cred_contents(context, &creds); } - (void)krb5_krcc_end_seq_get(context, id, &cursor); + (void)krcc_end_seq_get(context, id, &cursor); if (endtime == 0) /* No creds with end times */ return; @@ -899,37 +834,22 @@ update_keyring_expiration(krb5_context context, krb5_ccache id) /* Setting the timeout to zero would reset the timeout, so we set it to one * second instead if creds are already expired. */ timeout = (endtime > now) ? endtime - now : 1; - (void)keyctl_set_timeout(d->cache_id, timeout); + (void)keyctl_set_timeout(data->cache_id, timeout); } -/* - * Modifies: - * id - * - * Effects: - * Creates/refreshes the cred cache id. If the cache exists, its - * contents are destroyed. - * - * Errors: - * system errors - * permission errors - */ - +/* Create or overwrite the cache keyring, and set the default principal. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_initialize(krb5_context context, krb5_ccache id, - krb5_principal princ) +krcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ) { - krb5_krcc_data *data = (krb5_krcc_data *)id->data; + krcc_data *data = (krcc_data *)id->data; krb5_os_context os_ctx = &context->os_context; - krb5_error_code kret; + krb5_error_code ret; const char *cache_name, *p; - DEBUG_PRINT(("krb5_krcc_initialize: entered\n")); - k5_cc_mutex_lock(context, &data->lock); - kret = krb5_krcc_clearcache(context, id); - if (kret != KRB5_OK) + ret = clear_cache_keyring(context, id); + if (ret) goto out; if (!data->cache_id) { @@ -937,9 +857,9 @@ krb5_krcc_initialize(krb5_context context, krb5_ccache id, * key if it still isn't there. */ p = strrchr(data->name, ':'); cache_name = (p != NULL) ? p + 1 : data->name; - kret = find_or_create_keyring(data->collection_id, 0, cache_name, - &data->cache_id); - if (kret) + ret = find_or_create_keyring(data->collection_id, 0, cache_name, + &data->cache_id); + if (ret) goto out; } @@ -948,131 +868,91 @@ krb5_krcc_initialize(krb5_context context, krb5_ccache id, if (is_legacy_cache_name(data->name)) (void)keyctl_link(data->cache_id, session_write_anchor()); - kret = krb5_krcc_save_principal(context, id, princ); + ret = save_principal(context, id, princ); /* Save time offset if it is valid and this is not a legacy cache. Legacy * applications would fail to parse the new key in the cache keyring. */ if (!is_legacy_cache_name(data->name) && (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) { - kret = krb5_krcc_save_time_offsets(context, id, os_ctx->time_offset, - os_ctx->usec_offset); + ret = save_time_offsets(context, id, os_ctx->time_offset, + os_ctx->usec_offset); } - if (kret == KRB5_OK) + if (ret == 0) krb5_change_cache(); out: k5_cc_mutex_unlock(context, &data->lock); - return kret; + return ret; } -/* - * Modifies: - * id - * - * Effects: - * Invalidates the id, and frees any resources associated with the cache. - * (Does NOT destroy the underlying ccache in the keyring.) - */ +/* Release the ccache handle. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_close(krb5_context context, krb5_ccache id) +krcc_close(krb5_context context, krb5_ccache id) { - krb5_krcc_data *d; - - DEBUG_PRINT(("krb5_krcc_close: entered\n")); - - d = (krb5_krcc_data *) id->data; - - free(d->name); - k5_cc_mutex_destroy(&d->lock); - free(d); + krcc_data *data = id->data; + k5_cc_mutex_destroy(&data->lock); + free(data->name); + free(data); free(id); - - return KRB5_OK; + return 0; } -/* - * Modifies: - * id - * - * Effects: - * Clears out a ccache keyring, unlinking all keys within it - * (Including the "hidden" key with the principal information) - * - * Requires: - * Must be called with mutex locked. - * - * Errors: - * system errors - */ - -static krb5_error_code -krb5_krcc_clearcache(krb5_context context, krb5_ccache id) +/* Clear out a ccache keyring, unlinking all keys within it. Call with the + * mutex locked. */ +static krb5_error_code +clear_cache_keyring(krb5_context context, krb5_ccache id) { - krb5_krcc_data *d; - int res; + krcc_data *data = id->data; + int res; - k5_cc_mutex_assert_locked(context, &((krb5_krcc_data *) id->data)->lock); + k5_cc_mutex_assert_locked(context, &data->lock); - d = (krb5_krcc_data *) id->data; + DEBUG_PRINT(("clear_cache_keyring: cache_id %d, princ_id %d\n", + data->cache_id, data->princ_id)); - DEBUG_PRINT(("krb5_krcc_clearcache: cache_id %d, princ_id %d\n", - d->cache_id, d->princ_id)); - - if (d->cache_id) { - res = keyctl_clear(d->cache_id); + if (data->cache_id) { + res = keyctl_clear(data->cache_id); if (res != 0) return errno; } - d->princ_id = 0; - krb5_krcc_update_change_time(d); + data->princ_id = 0; + krcc_update_change_time(data); - return KRB5_OK; + return 0; } -/* - * Effects: - * Destroys the contents of id. - * - * Errors: - * system errors - */ +/* Destroy the cache keyring and release the handle. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_destroy(krb5_context context, krb5_ccache id) +krcc_destroy(krb5_context context, krb5_ccache id) { - krb5_error_code kret = 0; - krb5_krcc_data *d; - int res; + krb5_error_code ret = 0; + krcc_data *data = id->data; + int res; - DEBUG_PRINT(("krb5_krcc_destroy: entered\n")); - - d = (krb5_krcc_data *) id->data; - - k5_cc_mutex_lock(context, &d->lock); + k5_cc_mutex_lock(context, &data->lock); - krb5_krcc_clearcache(context, id); - if (d->cache_id) { - res = keyctl_unlink(d->cache_id, d->collection_id); + clear_cache_keyring(context, id); + if (data->cache_id) { + res = keyctl_unlink(data->cache_id, data->collection_id); if (res < 0) { - kret = errno; - DEBUG_PRINT(("unlinking key %d from ring %d: %s", - d->cache_id, d->collection_id, error_message(errno))); + ret = errno; + DEBUG_PRINT(("unlinking key %d from ring %d: %s", data->cache_id, + data->collection_id, error_message(errno))); } /* If this is a legacy cache, unlink it from the session anchor. */ - if (is_legacy_cache_name(d->name)) - (void)keyctl_unlink(d->cache_id, session_write_anchor()); + if (is_legacy_cache_name(data->name)) + (void)keyctl_unlink(data->cache_id, session_write_anchor()); } - k5_cc_mutex_unlock(context, &d->lock); - k5_cc_mutex_destroy(&d->lock); - free(d->name); - free(d); + k5_cc_mutex_unlock(context, &data->lock); + k5_cc_mutex_destroy(&data->lock); + free(data->name); + free(data); free(id); - krb5_change_cache(); - - return kret; + return ret; } /* Create a cache handle for a cache ID. */ @@ -1085,7 +965,7 @@ make_cache(krb5_context context, key_serial_t collection_id, krb5_error_code ret; krb5_os_context os_ctx = &context->os_context; krb5_ccache ccache = NULL; - krb5_krcc_data *d; + krcc_data *data; key_serial_t pkey = 0; /* Determine the key containing principal information, if present. */ @@ -1098,25 +978,24 @@ make_cache(krb5_context context, key_serial_t collection_id, if (!ccache) return ENOMEM; - ret = krb5_krcc_new_data(anchor_name, collection_name, subsidiary_name, - cache_id, collection_id, &d); + ret = make_krcc_data(anchor_name, collection_name, subsidiary_name, + cache_id, collection_id, &data); if (ret) { free(ccache); return ret; } - d->princ_id = pkey; + data->princ_id = pkey; ccache->ops = &krb5_krcc_ops; - ccache->data = d; + ccache->data = data; ccache->magic = KV5M_CCACHE; *cache_out = ccache; - /* Lookup time offsets if necessary. */ + /* Look up time offsets if necessary. */ if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) && !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) { - if (krb5_krcc_get_time_offsets(context, ccache, - &os_ctx->time_offset, - &os_ctx->usec_offset) == 0) { + if (get_time_offsets(context, ccache, &os_ctx->time_offset, + &os_ctx->usec_offset) == 0) { os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME; os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID; } @@ -1125,28 +1004,9 @@ make_cache(krb5_context context, key_serial_t collection_id, return 0; } -/* - * Requires: - * residual is a legal path name, and a null-terminated string - * - * Modifies: - * id - * - * Effects: - * creates a cred cache that will reside in the keyring with - * a name of . - * - * Returns: - * A filled in krb5_ccache structure "id". - * - * Errors: - * KRB5_CC_NOMEM - there was insufficient memory to allocate the - * krb5_ccache. id is undefined. - * permission errors - */ - +/* Create a keyring ccache handle for the given residual string. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual) +krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual) { krb5_error_code ret; key_serial_t collection_id, cache_id; @@ -1186,104 +1046,67 @@ cleanup: return ret; } -/* - * Effects: - * Prepares for a sequential search of the credentials cache. - * Returns a krb5_cc_cursor to be used with krb5_krcc_next_cred and - * krb5_krcc_end_seq_get. - * - * If the cache is modified between the time of this call and the time - * of the final krb5_krcc_end_seq_get, the results are undefined. - * - * Errors: - * KRB5_CC_NOMEM - * system errors - */ +/* Prepare for a sequential iteration over the cache keyring. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id, - krb5_cc_cursor * cursor) +krcc_start_seq_get(krb5_context context, krb5_ccache id, + krb5_cc_cursor *cursor) { - krb5_krcc_cursor krcursor; - krb5_krcc_data *d; + krcc_cursor krcursor; + krcc_data *data = id->data; void *keys; long size; - DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n")); - - d = id->data; - k5_cc_mutex_lock(context, &d->lock); + k5_cc_mutex_lock(context, &data->lock); - if (!d->cache_id) { - k5_cc_mutex_unlock(context, &d->lock); + if (!data->cache_id) { + k5_cc_mutex_unlock(context, &data->lock); return KRB5_FCC_NOFILE; } - size = keyctl_read_alloc(d->cache_id, &keys); + size = keyctl_read_alloc(data->cache_id, &keys); if (size == -1) { DEBUG_PRINT(("Error getting from keyring: %s\n", strerror(errno))); - k5_cc_mutex_unlock(context, &d->lock); + k5_cc_mutex_unlock(context, &data->lock); return KRB5_CC_IO; } krcursor = calloc(1, sizeof(*krcursor)); if (krcursor == NULL) { free(keys); - k5_cc_mutex_unlock(context, &d->lock); + k5_cc_mutex_unlock(context, &data->lock); return KRB5_CC_NOMEM; } - krcursor->princ_id = d->princ_id; - krcursor->offsets_id = keyctl_search(d->cache_id, KRCC_KEY_TYPE_USER, + krcursor->princ_id = data->princ_id; + krcursor->offsets_id = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, 0); krcursor->numkeys = size / sizeof(key_serial_t); krcursor->keys = keys; - k5_cc_mutex_unlock(context, &d->lock); - *cursor = (krb5_cc_cursor) krcursor; - return KRB5_OK; + k5_cc_mutex_unlock(context, &data->lock); + *cursor = krcursor; + return 0; } -/* - * Requires: - * cursor is a krb5_cc_cursor originally obtained from - * krb5_krcc_start_seq_get. - * - * Modifes: - * cursor, creds - * - * Effects: - * Fills in creds with the "next" credentals structure from the cache - * id. The actual order the creds are returned in is arbitrary. - * Space is allocated for the variable length fields in the - * credentials structure, so the object returned must be passed to - * krb5_destroy_credential. - * - * The cursor is updated for the next call to krb5_krcc_next_cred. - * - * Errors: - * system errors - */ +/* Get the next credential from the cache keyring. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_next_cred(krb5_context context, krb5_ccache id, - krb5_cc_cursor * cursor, krb5_creds * creds) +krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, + krb5_creds *creds) { - krb5_krcc_cursor krcursor; - krb5_error_code kret; - int psize; - void *payload = NULL; + krcc_cursor krcursor; + krb5_error_code ret; + int psize; + void *payload = NULL; - DEBUG_PRINT(("krb5_krcc_next_cred: entered\n")); + memset(creds, 0, sizeof(krb5_creds)); - /* - * The cursor has the entire list of keys. - * (Note that we don't support _remove_cred.) - */ - krcursor = (krb5_krcc_cursor) * cursor; + /* The cursor has the entire list of keys. (Note that we don't support + * remove_cred.) */ + krcursor = *cursor; if (krcursor == NULL) return KRB5_CC_END; - memset(creds, 0, sizeof(krb5_creds)); - /* If we're pointing past the end of the keys array, there are no more */ + /* If we're pointing past the end of the keys array, there are no more. */ if (krcursor->currkey >= krcursor->numkeys) return KRB5_CC_END; @@ -1297,160 +1120,131 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id, return KRB5_CC_END; } - /* Read the key, the right size buffer will ba allocated and returned */ + /* Read the key; the right size buffer will be allocated and returned. */ psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload); if (psize == -1) { DEBUG_PRINT(("Error reading key %d: %s\n", krcursor->keys[krcursor->currkey], strerror(errno))); - kret = KRB5_FCC_NOFILE; - goto freepayload; + return KRB5_FCC_NOFILE; } krcursor->currkey++; - kret = krb5_krcc_parse_cred(context, creds, payload, psize); - -freepayload: - if (payload) free(payload); - return kret; + ret = parse_cred(context, creds, payload, psize); + free(payload); + return ret; } -/* - * Requires: - * cursor is a krb5_cc_cursor originally obtained from - * krb5_krcc_start_seq_get. - * - * Modifies: - * id, cursor - * - * Effects: - * Finishes sequential processing of the keyring credentials ccache id, - * and invalidates the cursor (it must never be used after this call). - */ -/* ARGSUSED */ +/* Release an iteration cursor. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id, - krb5_cc_cursor * cursor) +krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - krb5_krcc_cursor krcursor = (krb5_krcc_cursor)*cursor; - DEBUG_PRINT(("krb5_krcc_end_seq_get: entered\n")); + krcc_cursor krcursor = *cursor; if (krcursor != NULL) { free(krcursor->keys); free(krcursor); } *cursor = NULL; - return KRB5_OK; + return 0; } -/* Utility routine: Creates the back-end data for a keyring cache. - - Call with the global list lock held. */ +/* Create keyring data for a credential cache. */ static krb5_error_code -krb5_krcc_new_data(const char *anchor_name, const char *collection_name, - const char *subsidiary_name, key_serial_t cache_id, - key_serial_t collection_id, krb5_krcc_data **datapp) +make_krcc_data(const char *anchor_name, const char *collection_name, + const char *subsidiary_name, key_serial_t cache_id, + key_serial_t collection_id, krcc_data **data_out) { - krb5_error_code kret; - krb5_krcc_data *d; + krb5_error_code ret; + krcc_data *data; - d = malloc(sizeof(krb5_krcc_data)); - if (d == NULL) + *data_out = NULL; + + data = malloc(sizeof(krcc_data)); + if (data == NULL) return KRB5_CC_NOMEM; - kret = k5_cc_mutex_init(&d->lock); - if (kret) { - free(d); - return kret; + ret = k5_cc_mutex_init(&data->lock); + if (ret) { + free(data); + return ret; } - kret = make_subsidiary_residual(anchor_name, collection_name, - subsidiary_name, &d->name); - if (kret) { - k5_cc_mutex_destroy(&d->lock); - free(d); - return kret; + ret = make_subsidiary_residual(anchor_name, collection_name, + subsidiary_name, &data->name); + if (ret) { + k5_cc_mutex_destroy(&data->lock); + free(data); + return ret; } - d->princ_id = 0; - d->cache_id = cache_id; - d->collection_id = collection_id; - d->changetime = 0; - d->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0); - krb5_krcc_update_change_time(d); - - *datapp = d; + data->princ_id = 0; + data->cache_id = cache_id; + data->collection_id = collection_id; + data->changetime = 0; + data->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0); + krcc_update_change_time(data); + + *data_out = data; return 0; } -/* - * Effects: - * Creates a new keyring cred cache whose name is guaranteed to be - * unique. - * - * Returns: - * The filled in krb5_ccache id. - * - * Errors: - * KRB5_CC_NOMEM - there was insufficient memory to allocate the - * krb5_ccache. id is undefined. - */ +/* Create a new keyring cache with a unique name. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_generate_new(krb5_context context, krb5_ccache * id) +krcc_generate_new(krb5_context context, krb5_ccache *id_out) { - krb5_ccache lid = NULL; - krb5_error_code kret; + krb5_ccache id = NULL; + krb5_error_code ret; char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL; char *new_subsidiary_name = NULL, *new_residual = NULL; - krb5_krcc_data *d; + krcc_data *data; key_serial_t collection_id; key_serial_t cache_id = 0; - DEBUG_PRINT(("krb5_krcc_generate_new: entered\n")); + *id_out = NULL; /* Determine the collection in which we will create the cache.*/ - kret = get_default(context, &anchor_name, &collection_name, - &subsidiary_name); - if (kret) - return kret; + ret = get_default(context, &anchor_name, &collection_name, + &subsidiary_name); + if (ret) + return ret; if (anchor_name == NULL) { - kret = parse_residual(KRCC_DEFAULT_UNIQUE_COLLECTION, &anchor_name, - &collection_name, &subsidiary_name); - if (kret) - return kret; + ret = parse_residual(KRCC_DEFAULT_UNIQUE_COLLECTION, &anchor_name, + &collection_name, &subsidiary_name); + if (ret) + return ret; } if (subsidiary_name != NULL) { krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE, _("Can't create new subsidiary cache because " "default cache is already a subsdiary")); - kret = KRB5_DCC_CANNOT_CREATE; + ret = KRB5_DCC_CANNOT_CREATE; goto cleanup; } /* Allocate memory */ - lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache)); - if (lid == NULL) { - kret = ENOMEM; + id = malloc(sizeof(struct _krb5_ccache)); + if (id == NULL) { + ret = ENOMEM; goto cleanup; } - lid->ops = &krb5_krcc_ops; + id->ops = &krb5_krcc_ops; /* Make a unique keyring within the chosen collection. */ - kret = get_collection(anchor_name, collection_name, &collection_id); - if (kret) + ret = get_collection(anchor_name, collection_name, &collection_id); + if (ret) goto cleanup; - kret = unique_keyring(context, collection_id, &new_subsidiary_name, - &cache_id); - if (kret) + ret = unique_keyring(context, collection_id, &new_subsidiary_name, + &cache_id); + if (ret) goto cleanup; - kret = krb5_krcc_new_data(anchor_name, collection_name, - new_subsidiary_name, cache_id, collection_id, - &d); - if (kret) + ret = make_krcc_data(anchor_name, collection_name, new_subsidiary_name, + cache_id, collection_id, &data); + if (ret) goto cleanup; - lid->data = d; + id->data = data; krb5_change_cache(); cleanup: @@ -1459,150 +1253,134 @@ cleanup: free(subsidiary_name); free(new_subsidiary_name); free(new_residual); - if (kret) { - free(lid); - return kret; + if (ret) { + free(id); + return ret; } - *id = lid; - return KRB5_OK; + *id_out = id; + return 0; } -/* - * Requires: - * id is a keyring credential cache - * - * Returns: - * The name of the keyring cred cache id. - */ +/* Return an alias to the residual string of the cache. */ static const char *KRB5_CALLCONV -krb5_krcc_get_name(krb5_context context, krb5_ccache id) +krcc_get_name(krb5_context context, krb5_ccache id) { - DEBUG_PRINT(("krb5_krcc_get_name: entered\n")); - return (char *) ((krb5_krcc_data *) id->data)->name; + return ((krcc_data *)id->data)->name; } -/* - * Modifies: - * id, princ - * - * Effects: - * Retrieves the primary principal from id, as set with - * krb5_krcc_initialize. The principal is returned is allocated - * storage that must be freed by the caller via krb5_free_principal. - * - * Errors: - * system errors - * KRB5_CC_NOMEM - */ +/* Retrieve a copy of the default principal, if the cache is initialized. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_get_principal(krb5_context context, krb5_ccache id, - krb5_principal * princ) +krcc_get_principal(krb5_context context, krb5_ccache id, + krb5_principal *princ_out) { - DEBUG_PRINT(("krb5_krcc_get_principal: entered\n")); + krcc_data *data = id->data; + krb5_error_code ret; + void *payload = NULL; + int psize; + krcc_bc bc; + + *princ_out = NULL; + k5_cc_mutex_lock(context, &data->lock); + + if (!data->cache_id || !data->princ_id) { + ret = KRB5_FCC_NOFILE; + krb5_set_error_message(context, ret, + _("Credentials cache keyring '%s' not found"), + data->name); + goto errout; + } + + psize = keyctl_read_alloc(data->princ_id, &payload); + if (psize == -1) { + DEBUG_PRINT(("Reading principal key %d: %s\n", + data->princ_id, strerror(errno))); + ret = KRB5_CC_IO; + goto errout; + } + bc.bpp = payload; + bc.endp = (char *)payload + psize; + ret = parse_principal(context, princ_out, &bc); - return krb5_krcc_retrieve_principal(context, id, princ); +errout: + free(payload); + k5_cc_mutex_unlock(context, &data->lock); + return ret; } +/* Search for a credential within the cache keyring. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_retrieve(krb5_context context, krb5_ccache id, - krb5_flags whichfields, krb5_creds * mcreds, - krb5_creds * creds) +krcc_retrieve(krb5_context context, krb5_ccache id, + krb5_flags whichfields, krb5_creds *mcreds, + krb5_creds *creds) { - DEBUG_PRINT(("krb5_krcc_retrieve: entered\n")); - return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, creds); } -/* - * Non-functional stub implementation for krb5_krcc_remove - * - * Errors: - * KRB5_CC_NOSUPP - not implemented - */ +/* Non-functional stub for removing a cred from the cache keyring. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_remove_cred(krb5_context context, krb5_ccache cache, - krb5_flags flags, krb5_creds * creds) +krcc_remove_cred(krb5_context context, krb5_ccache cache, + krb5_flags flags, krb5_creds *creds) { - DEBUG_PRINT(("krb5_krcc_remove_cred: entered (returning KRB5_CC_NOSUPP)\n")); - return KRB5_CC_NOSUPP; } -/* - * Requires: - * id is a cred cache returned by krb5_krcc_resolve or - * krb5_krcc_generate_new, but has not been opened by krb5_krcc_initialize. - * - * Modifies: - * id - * - * Effects: - * Sets the operational flags of id to flags. - */ +/* Set flags on the cache. (We don't care about any flags.) */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) +krcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { - DEBUG_PRINT(("krb5_krcc_set_flags: entered\n")); - - return KRB5_OK; + return 0; } +/* Get the current operational flags (of which we have none) for the cache. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags * flags) +krcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags_out) { - DEBUG_PRINT(("krb5_krcc_get_flags: entered\n")); - - *flags = 0; - return KRB5_OK; + *flags_out = 0; + return 0; } -/* store: Save away creds in the ccache keyring. */ +/* Store a credential in the cache keyring. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_store(krb5_context context, krb5_ccache id, krb5_creds * creds) +krcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds) { - krb5_error_code kret; - krb5_krcc_data *d = (krb5_krcc_data *) id->data; - char *payload = NULL; + krb5_error_code ret; + krcc_data *data = id->data; + char *payload = NULL, *keyname = NULL; unsigned int payloadlen; - char *keyname = NULL; key_serial_t cred_key; krb5_timestamp now; - DEBUG_PRINT(("krb5_krcc_store: entered\n")); - - k5_cc_mutex_lock(context, &d->lock); + k5_cc_mutex_lock(context, &data->lock); - if (!d->cache_id) { - k5_cc_mutex_unlock(context, &d->lock); + if (!data->cache_id) { + k5_cc_mutex_unlock(context, &data->lock); return KRB5_FCC_NOFILE; } /* Get the service principal name and use it as the key name */ - kret = krb5_unparse_name(context, creds->server, &keyname); - if (kret) { - DEBUG_PRINT(("Error unparsing service principal name!\n")); + ret = krb5_unparse_name(context, creds->server, &keyname); + if (ret) goto errout; - } /* Serialize credential into memory */ - kret = krb5_krcc_unparse_cred_alloc(context, creds, &payload, &payloadlen); - if (kret != KRB5_OK) + ret = unparse_cred_alloc(context, creds, &payload, &payloadlen); + if (ret) goto errout; /* Add new key (credentials) into keyring */ - DEBUG_PRINT(("krb5_krcc_store: adding new key '%s' to keyring %d\n", - keyname, d->cache_id)); - kret = add_cred_key(keyname, payload, payloadlen, d->cache_id, - d->is_legacy_type, &cred_key); - if (kret) + DEBUG_PRINT(("krcc_store: adding new key '%s' to keyring %d\n", + keyname, data->cache_id)); + ret = add_cred_key(keyname, payload, payloadlen, data->cache_id, + data->is_legacy_type, &cred_key); + if (ret) goto errout; - krb5_krcc_update_change_time(d); + krcc_update_change_time(data); /* Set appropriate timeouts on cache keys. */ - kret = krb5_timeofday(context, &now); - if (kret) + ret = krb5_timeofday(context, &now); + if (ret) goto errout; if (creds->times.endtime > now) @@ -1610,23 +1388,20 @@ krb5_krcc_store(krb5_context context, krb5_ccache id, krb5_creds * creds) update_keyring_expiration(context, id); - kret = KRB5_OK; - errout: - if (keyname) - krb5_free_unparsed_name(context, keyname); - if (payload) - free(payload); - - k5_cc_mutex_unlock(context, &d->lock); - return kret; + krb5_free_unparsed_name(context, keyname); + free(payload); + k5_cc_mutex_unlock(context, &data->lock); + return ret; } +/* Get the cache's last modification time. (This is currently broken; it + * returns only the last change made using this handle.) */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_last_change_time(krb5_context context, krb5_ccache id, - krb5_timestamp *change_time) +krcc_last_change_time(krb5_context context, krb5_ccache id, + krb5_timestamp *change_time) { - krb5_krcc_data *data = (krb5_krcc_data *) id->data; + krcc_data *data = id->data; k5_cc_mutex_lock(context, &data->lock); *change_time = data->changetime; @@ -1634,45 +1409,44 @@ krb5_krcc_last_change_time(krb5_context context, krb5_ccache id, return 0; } +/* Lock the cache handle against other threads. (This does not lock the cache + * keyring against other processes.) */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_lock(krb5_context context, krb5_ccache id) +krcc_lock(krb5_context context, krb5_ccache id) { - krb5_krcc_data *data = (krb5_krcc_data *) id->data; + krcc_data *data = id->data; k5_cc_mutex_lock(context, &data->lock); return 0; } +/* Unlock the cache handle. */ static krb5_error_code KRB5_CALLCONV -krb5_krcc_unlock(krb5_context context, krb5_ccache id) +krcc_unlock(krb5_context context, krb5_ccache id) { - krb5_krcc_data *data = (krb5_krcc_data *) id->data; + krcc_data *data = id->data; k5_cc_mutex_unlock(context, &data->lock); return 0; } - -static krb5_error_code -krb5_krcc_save_principal(krb5_context context, krb5_ccache id, - krb5_principal princ) +static krb5_error_code +save_principal(krb5_context context, krb5_ccache id, krb5_principal princ) { - krb5_krcc_data *d; - krb5_error_code kret; + krcc_data *data = id->data; + krb5_error_code ret; char *payload = NULL; key_serial_t newkey; unsigned int payloadsize; - krb5_krcc_bc bc; - - k5_cc_mutex_assert_locked(context, &((krb5_krcc_data *) id->data)->lock); + krcc_bc bc; - d = (krb5_krcc_data *) id->data; + k5_cc_mutex_assert_locked(context, &data->lock); /* Do a dry run first to calculate the size. */ bc.bpp = bc.endp = NULL; bc.size = 0; - kret = krb5_krcc_unparse_principal(context, princ, &bc); - CHECK_N_GO(kret, errout); + ret = unparse_principal(context, princ, &bc); + CHECK_N_GO(ret, errout); /* Allocate a buffer and serialize for real. */ payload = malloc(bc.size); @@ -1680,8 +1454,8 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id, return KRB5_CC_NOMEM; bc.bpp = payload; bc.endp = payload + bc.size; - kret = krb5_krcc_unparse_principal(context, princ, &bc); - CHECK_N_GO(kret, errout); + ret = unparse_principal(context, princ, &bc); + CHECK_N_GO(ret, errout); /* Add new key into keyring */ payloadsize = bc.bpp - payload; @@ -1690,123 +1464,86 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id, krb5_error_code rc; char *princname = NULL; rc = krb5_unparse_name(context, princ, &princname); - DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' " + DEBUG_PRINT(("save_principal: adding new key '%s' " "to keyring %d for principal '%s'\n", - KRCC_SPEC_PRINC_KEYNAME, d->cache_id, + KRCC_SPEC_PRINC_KEYNAME, data->cache_id, rc ? "" : princname)); if (rc == 0) krb5_free_unparsed_name(context, princname); } #endif newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME, payload, - payloadsize, d->cache_id); + payloadsize, data->cache_id); if (newkey < 0) { - kret = errno; - DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret))); + ret = errno; + DEBUG_PRINT(("Error adding principal key: %s\n", strerror(ret))); } else { - d->princ_id = newkey; - kret = KRB5_OK; - krb5_krcc_update_change_time(d); + data->princ_id = newkey; + ret = 0; + krcc_update_change_time(data); } errout: free(payload); - return kret; -} - -static krb5_error_code -krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id, - krb5_principal * princ) -{ - krb5_krcc_data *d = (krb5_krcc_data *) id->data; - krb5_error_code kret; - void *payload = NULL; - int psize; - krb5_krcc_bc bc; - - k5_cc_mutex_lock(context, &d->lock); - - if (!d->cache_id || !d->princ_id) { - princ = 0L; - kret = KRB5_FCC_NOFILE; - krb5_set_error_message(context, kret, - _("Credentials cache keyring '%s' not found"), - d->name); - goto errout; - } - - psize = keyctl_read_alloc(d->princ_id, &payload); - if (psize == -1) { - DEBUG_PRINT(("Reading principal key %d: %s\n", - d->princ_id, strerror(errno))); - kret = KRB5_CC_IO; - goto errout; - } - bc.bpp = payload; - bc.endp = (char *)payload + psize; - kret = krb5_krcc_parse_principal(context, princ, &bc); - -errout: - if (payload) - free(payload); - k5_cc_mutex_unlock(context, &d->lock); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_save_time_offsets(krb5_context context, krb5_ccache id, - krb5_int32 time_offset, krb5_int32 usec_offset) +/* Add a key to the cache keyring containing the given time offsets. */ +static krb5_error_code +save_time_offsets(krb5_context context, krb5_ccache id, int32_t time_offset, + int32_t usec_offset) { - krb5_krcc_data *d = (krb5_krcc_data *)id->data; - krb5_error_code kret; + krcc_data *data = id->data; + krb5_error_code ret; key_serial_t newkey; void *payload = NULL; int psize; - k5_cc_mutex_assert_locked(context, &d->lock); + k5_cc_mutex_assert_locked(context, &data->lock); /* Prepare the payload. */ - kret = krb5_krcc_unparse_offsets(context, time_offset, usec_offset, - &payload, &psize); - CHECK_N_GO(kret, errout); + ret = unparse_offsets(context, time_offset, usec_offset, &payload, &psize); + CHECK_N_GO(ret, errout); /* Add new key into keyring. */ newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, payload, psize, - d->cache_id); + data->cache_id); if (newkey == -1) { - kret = errno; - DEBUG_PRINT(("Error adding time offsets key: %s\n", strerror(kret))); + ret = errno; + DEBUG_PRINT(("Error adding time offsets key: %s\n", strerror(ret))); } else { - kret = KRB5_OK; - krb5_krcc_update_change_time(d); + ret = 0; + krcc_update_change_time(data); } errout: free(payload); - return kret; + return ret; } +/* Retrieve and parse the key in the cache keyring containing time offsets. */ static krb5_error_code -krb5_krcc_get_time_offsets(krb5_context context, krb5_ccache id, - krb5_int32 *time_offset, krb5_int32 *usec_offset) +get_time_offsets(krb5_context context, krb5_ccache id, int32_t *time_offset, + int32_t *usec_offset) { - krb5_krcc_data *d = (krb5_krcc_data *)id->data; - krb5_error_code kret; + krcc_data *data = id->data; + krb5_error_code ret; key_serial_t key; - krb5_int32 t, u; + int32_t t, u; void *payload = NULL; int psize; - k5_cc_mutex_lock(context, &d->lock); + k5_cc_mutex_lock(context, &data->lock); - if (!d->cache_id) { - kret = KRB5_FCC_NOFILE; + if (!data->cache_id) { + ret = KRB5_FCC_NOFILE; goto errout; } - key = keyctl_search(d->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, 0); + key = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, + 0); if (key == -1) { - kret = ENOENT; + ret = ENOENT; goto errout; } @@ -1814,12 +1551,12 @@ krb5_krcc_get_time_offsets(krb5_context context, krb5_ccache id, if (psize == -1) { DEBUG_PRINT(("Reading time offsets key %d: %s\n", key, strerror(errno))); - kret = KRB5_CC_IO; + ret = KRB5_CC_IO; goto errout; } - kret = krb5_krcc_parse_offsets(context, &t, &u, payload, psize); - if (kret) + ret = parse_offsets(context, &t, &u, payload, psize); + if (ret) goto errout; *time_offset = t; @@ -1827,8 +1564,8 @@ krb5_krcc_get_time_offsets(krb5_context context, krb5_ccache id, errout: free(payload); - k5_cc_mutex_unlock(context, &d->lock); - return kret; + k5_cc_mutex_unlock(context, &data->lock); + return ret; } struct krcc_ptcursor_data { @@ -1844,70 +1581,72 @@ struct krcc_ptcursor_data { }; static krb5_error_code KRB5_CALLCONV -krb5_krcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out) +krcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out) { - struct krcc_ptcursor_data *data; + struct krcc_ptcursor_data *ptd; krb5_cc_ptcursor cursor; krb5_error_code ret; + void *keys; long size; *cursor_out = NULL; - cursor = k5alloc(sizeof(struct krb5_cc_ptcursor_s), &ret); + cursor = k5alloc(sizeof(*cursor), &ret); if (cursor == NULL) return ENOMEM; - data = k5alloc(sizeof(struct krcc_ptcursor_data), &ret); - if (data == NULL) + ptd = k5alloc(sizeof(*ptd), &ret); + if (ptd == NULL) goto error; cursor->ops = &krb5_krcc_ops; - cursor->data = data; - data->first = TRUE; + cursor->data = ptd; + ptd->first = TRUE; - ret = get_default(context, &data->anchor_name, &data->collection_name, - &data->subsidiary_name); + ret = get_default(context, &ptd->anchor_name, &ptd->collection_name, + &ptd->subsidiary_name); if (ret) goto error; /* If there is no default collection, return an empty cursor. */ - if (data->anchor_name == NULL) { + if (ptd->anchor_name == NULL) { *cursor_out = cursor; return 0; } - ret = get_collection(data->anchor_name, data->collection_name, - &data->collection_id); + ret = get_collection(ptd->anchor_name, ptd->collection_name, + &ptd->collection_id); if (ret) goto error; - if (data->subsidiary_name == NULL) { - ret = get_primary_name(context, data->anchor_name, - data->collection_name, data->collection_id, - &data->primary_name); + if (ptd->subsidiary_name == NULL) { + ret = get_primary_name(context, ptd->anchor_name, + ptd->collection_name, ptd->collection_id, + &ptd->primary_name); if (ret) goto error; - size = keyctl_read_alloc(data->collection_id, (void **)&data->keys); + size = keyctl_read_alloc(ptd->collection_id, &keys); if (size == -1) { ret = errno; goto error; } - data->num_keys = size / sizeof(key_serial_t); + ptd->keys = keys; + ptd->num_keys = size / sizeof(key_serial_t); } *cursor_out = cursor; return 0; error: - krb5_krcc_ptcursor_free(context, &cursor); + krcc_ptcursor_free(context, &cursor); return ret; } static krb5_error_code KRB5_CALLCONV -krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, - krb5_ccache *cache_out) +krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, + krb5_ccache *cache_out) { krb5_error_code ret; - struct krcc_ptcursor_data *data; + struct krcc_ptcursor_data *ptd = cursor->data; key_serial_t key, cache_id = 0; const char *first_name, *keytype, *sep, *subsidiary_name; size_t keytypelen; @@ -1915,35 +1654,33 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, *cache_out = NULL; - data = cursor->data; - /* No keyring available */ - if (data->collection_id == 0) + if (ptd->collection_id == 0) return 0; - if (data->first) { + if (ptd->first) { /* Look for the primary cache for a collection cursor, or the * subsidiary cache for a subsidiary cursor. */ - data->first = FALSE; - first_name = (data->primary_name != NULL) ? data->primary_name : - data->subsidiary_name; - cache_id = keyctl_search(data->collection_id, KRCC_KEY_TYPE_KEYRING, + ptd->first = FALSE; + first_name = (ptd->primary_name != NULL) ? ptd->primary_name : + ptd->subsidiary_name; + cache_id = keyctl_search(ptd->collection_id, KRCC_KEY_TYPE_KEYRING, first_name, 0); if (cache_id != -1) { - return make_cache(context, data->collection_id, cache_id, - data->anchor_name, data->collection_name, + return make_cache(context, ptd->collection_id, cache_id, + ptd->anchor_name, ptd->collection_name, first_name, cache_out); } } /* A subsidiary cursor yields at most the first cache. */ - if (data->subsidiary_name != NULL) + if (ptd->subsidiary_name != NULL) return 0; keytype = KRCC_KEY_TYPE_KEYRING ";"; keytypelen = strlen(keytype); - for (; data->next_key < data->num_keys; data->next_key++) { + for (; ptd->next_key < ptd->num_keys; ptd->next_key++) { /* Free any previously retrieved key description. */ free(description); description = NULL; @@ -1952,7 +1689,7 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, * Get the key description, which should have the form: * typename;UID;GID;permissions;description */ - key = data->keys[data->next_key]; + key = ptd->keys[ptd->next_key]; if (keyctl_describe_alloc(key, &description) < 0) continue; sep = strrchr(description, ';'); @@ -1965,13 +1702,13 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, continue; /* Don't repeat the primary cache. */ - if (strcmp(subsidiary_name, data->primary_name) == 0) + if (strcmp(subsidiary_name, ptd->primary_name) == 0) continue; /* We found a valid key */ - data->next_key++; - ret = make_cache(context, data->collection_id, key, data->anchor_name, - data->collection_name, subsidiary_name, cache_out); + ptd->next_key++; + ret = make_cache(context, ptd->collection_id, key, ptd->anchor_name, + ptd->collection_name, subsidiary_name, cache_out); free(description); return ret; } @@ -1981,17 +1718,17 @@ krb5_krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, } static krb5_error_code KRB5_CALLCONV -krb5_krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor) +krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor) { - struct krcc_ptcursor_data *data = (*cursor)->data; + struct krcc_ptcursor_data *ptd = (*cursor)->data; - if (data != NULL) { - free(data->anchor_name); - free(data->collection_name); - free(data->subsidiary_name); - free(data->primary_name); - free(data->keys); - free(data); + if (ptd != NULL) { + free(ptd->anchor_name); + free(ptd->collection_name); + free(ptd->subsidiary_name); + free(ptd->primary_name); + free(ptd->keys); + free(ptd); } free(*cursor); *cursor = NULL; @@ -1999,9 +1736,9 @@ krb5_krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor) } static krb5_error_code KRB5_CALLCONV -krb5_krcc_switch_to(krb5_context context, krb5_ccache cache) +krcc_switch_to(krb5_context context, krb5_ccache cache) { - krb5_krcc_data *data = cache->data; + krcc_data *data = cache->data; krb5_error_code ret; char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL; key_serial_t collection_id; @@ -2014,6 +1751,7 @@ krb5_krcc_switch_to(krb5_context context, krb5_ccache cache) if (ret) goto cleanup; ret = set_primary_name(context, collection_id, subsidiary_name); + cleanup: free(anchor_name); free(collection_name); @@ -2040,74 +1778,70 @@ cleanup: * Errors: * KRB5_CC_END - there were not len bytes available */ -static krb5_error_code -krb5_krcc_parse(krb5_context context, krb5_pointer buf, unsigned int len, - krb5_krcc_bc * bc) +static krb5_error_code +parse(krb5_context context, void *buf, unsigned int len, krcc_bc * bc) { - DEBUG_PRINT(("krb5_krcc_parse: entered\n")); - if ((bc->endp == bc->bpp) || (bc->endp - bc->bpp) < len) return KRB5_CC_END; memcpy(buf, bc->bpp, len); bc->bpp += len; - return KRB5_OK; + return 0; } /* * Take a key (credential) read from a keyring entry * and parse it into a credential structure. */ -static krb5_error_code -krb5_krcc_parse_cred(krb5_context context, krb5_creds * creds, char *payload, - int psize) +static krb5_error_code +parse_cred(krb5_context context, krb5_creds * creds, char *payload, int psize) { - krb5_error_code kret; + krb5_error_code ret; krb5_octet octet; - krb5_int32 int32; - krb5_krcc_bc bc; + int32_t int32; + krcc_bc bc; /* Parse the pieces of the credential */ bc.bpp = payload; bc.endp = bc.bpp + psize; - kret = krb5_krcc_parse_principal(context, &creds->client, &bc); - CHECK_N_GO(kret, out); + ret = parse_principal(context, &creds->client, &bc); + CHECK_N_GO(ret, out); - kret = krb5_krcc_parse_principal(context, &creds->server, &bc); - CHECK_N_GO(kret, cleanclient); + ret = parse_principal(context, &creds->server, &bc); + CHECK_N_GO(ret, cleanclient); - kret = krb5_krcc_parse_keyblock(context, &creds->keyblock, &bc); - CHECK_N_GO(kret, cleanserver); + ret = parse_keyblock(context, &creds->keyblock, &bc); + CHECK_N_GO(ret, cleanserver); - kret = krb5_krcc_parse_times(context, &creds->times, &bc); - CHECK_N_GO(kret, cleanserver); + ret = parse_times(context, &creds->times, &bc); + CHECK_N_GO(ret, cleanserver); - kret = krb5_krcc_parse_octet(context, &octet, &bc); - CHECK_N_GO(kret, cleanserver); + ret = parse_octet(context, &octet, &bc); + CHECK_N_GO(ret, cleanserver); creds->is_skey = octet; - kret = krb5_krcc_parse_int32(context, &int32, &bc); - CHECK_N_GO(kret, cleanserver); + ret = parse_int32(context, &int32, &bc); + CHECK_N_GO(ret, cleanserver); creds->ticket_flags = int32; - kret = krb5_krcc_parse_addrs(context, &creds->addresses, &bc); - CHECK_N_GO(kret, cleanblock); + ret = parse_addrs(context, &creds->addresses, &bc); + CHECK_N_GO(ret, cleanblock); - kret = krb5_krcc_parse_authdata(context, &creds->authdata, &bc); - CHECK_N_GO(kret, cleanaddrs); + ret = parse_authdata(context, &creds->authdata, &bc); + CHECK_N_GO(ret, cleanaddrs); - kret = krb5_krcc_parse_krb5data(context, &creds->ticket, &bc); - CHECK_N_GO(kret, cleanauthdata); + ret = parse_krb5data(context, &creds->ticket, &bc); + CHECK_N_GO(ret, cleanauthdata); - kret = krb5_krcc_parse_krb5data(context, &creds->second_ticket, &bc); - CHECK_N_GO(kret, cleanticket); + ret = parse_krb5data(context, &creds->second_ticket, &bc); + CHECK_N_GO(ret, cleanticket); - kret = KRB5_OK; + ret = 0; goto out; cleanticket: - memset(creds->ticket.data, 0, (unsigned) creds->ticket.length); + memset(creds->ticket.data, 0, creds->ticket.length); free(creds->ticket.data); cleanauthdata: krb5_free_authdata(context, creds->authdata); @@ -2121,32 +1855,31 @@ cleanclient: krb5_free_principal(context, creds->client); out: - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_principal(krb5_context context, krb5_principal * princ, - krb5_krcc_bc * bc) +static krb5_error_code +parse_principal(krb5_context context, krb5_principal *princ, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; register krb5_principal tmpprinc; - krb5_int32 length, type; - int i; + int32_t length, type; + int i; /* Read principal type */ - kret = krb5_krcc_parse_int32(context, &type, bc); - if (kret != KRB5_OK) - return kret; + ret = parse_int32(context, &type, bc); + if (ret) + return ret; /* Read the number of components */ - kret = krb5_krcc_parse_int32(context, &length, bc); - if (kret != KRB5_OK) - return kret; + ret = parse_int32(context, &length, bc); + if (ret) + return ret; if (length < 0) return KRB5_CC_NOMEM; - tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data)); + tmpprinc = malloc(sizeof(krb5_principal_data)); if (tmpprinc == NULL) return KRB5_CC_NOMEM; if (length) { @@ -2155,22 +1888,23 @@ krb5_krcc_parse_principal(krb5_context context, krb5_principal * princ, free(tmpprinc); return KRB5_CC_NOMEM; } - } else + } else { tmpprinc->data = 0; + } tmpprinc->magic = KV5M_PRINCIPAL; tmpprinc->length = length; tmpprinc->type = type; - kret = krb5_krcc_parse_krb5data(context, &tmpprinc->realm, bc); + ret = parse_krb5data(context, &tmpprinc->realm, bc); i = 0; - CHECK(kret); + CHECK(ret); for (i = 0; i < length; i++) { - kret = krb5_krcc_parse_krb5data(context, &tmpprinc->data[i], bc); - CHECK(kret); + ret = parse_krb5data(context, &tmpprinc->data[i], bc); + CHECK(ret); } *princ = tmpprinc; - return KRB5_OK; + return 0; errout: while (--i >= 0) @@ -2178,85 +1912,82 @@ errout: free(tmpprinc->realm.data); free(tmpprinc->data); free(tmpprinc); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_keyblock(krb5_context context, krb5_keyblock * keyblock, - krb5_krcc_bc * bc) +static krb5_error_code +parse_keyblock(krb5_context context, krb5_keyblock *keyblock, krcc_bc *bc) { - krb5_error_code kret; - krb5_ui_2 ui2; - krb5_int32 int32; + krb5_error_code ret; + uint16_t ui2; + int32_t int32; keyblock->magic = KV5M_KEYBLOCK; keyblock->contents = 0; - kret = krb5_krcc_parse_ui_2(context, &ui2, bc); - CHECK(kret); + ret = parse_uint16(context, &ui2, bc); + CHECK(ret); keyblock->enctype = ui2; - kret = krb5_krcc_parse_int32(context, &int32, bc); - CHECK(kret); + ret = parse_int32(context, &int32, bc); + CHECK(ret); if (int32 < 0) return KRB5_CC_NOMEM; keyblock->length = int32; if (keyblock->length == 0) - return KRB5_OK; + return 0; keyblock->contents = malloc(keyblock->length); if (keyblock->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_krcc_parse(context, keyblock->contents, keyblock->length, bc); - CHECK(kret); + ret = parse(context, keyblock->contents, keyblock->length, bc); + CHECK(ret); - return KRB5_OK; + return 0; errout: if (keyblock->contents) free(keyblock->contents); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_times(krb5_context context, krb5_ticket_times * t, - krb5_krcc_bc * bc) +static krb5_error_code +parse_times(krb5_context context, krb5_ticket_times *t, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 i; + krb5_error_code ret; + int32_t i; - kret = krb5_krcc_parse_int32(context, &i, bc); - CHECK(kret); + ret = parse_int32(context, &i, bc); + CHECK(ret); t->authtime = i; - kret = krb5_krcc_parse_int32(context, &i, bc); - CHECK(kret); + ret = parse_int32(context, &i, bc); + CHECK(ret); t->starttime = i; - kret = krb5_krcc_parse_int32(context, &i, bc); - CHECK(kret); + ret = parse_int32(context, &i, bc); + CHECK(ret); t->endtime = i; - kret = krb5_krcc_parse_int32(context, &i, bc); - CHECK(kret); + ret = parse_int32(context, &i, bc); + CHECK(ret); t->renew_till = i; return 0; errout: - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_krb5data(krb5_context context, krb5_data * data, - krb5_krcc_bc * bc) +static krb5_error_code +parse_krb5data(krb5_context context, krb5_data *data, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 len; + krb5_error_code ret; + int32_t len; data->magic = KV5M_DATA; data->data = 0; - kret = krb5_krcc_parse_int32(context, &len, bc); - CHECK(kret); + ret = parse_int32(context, &len, bc); + CHECK(ret); if (len < 0) return KRB5_CC_NOMEM; data->length = len; @@ -2265,57 +1996,56 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_data * data, if (data->length == 0) { data->data = 0; - return KRB5_OK; + return 0; } - data->data = (char *) malloc(data->length + 1); + data->data = malloc(data->length + 1); if (data->data == NULL) return KRB5_CC_NOMEM; - kret = krb5_krcc_parse(context, data->data, (unsigned) data->length, bc); - CHECK(kret); + ret = parse(context, data->data, data->length, bc); + CHECK(ret); data->data[data->length] = 0; /* Null terminate, just in case.... */ - return KRB5_OK; + return 0; errout: if (data->data) free(data->data); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_int32(krb5_context context, krb5_int32 * i, krb5_krcc_bc * bc) +static krb5_error_code +parse_int32(krb5_context context, int32_t *i, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; unsigned char buf[4]; - kret = krb5_krcc_parse(context, buf, 4, bc); - if (kret) - return kret; + ret = parse(context, buf, 4, bc); + if (ret) + return ret; *i = load_32_be(buf); return 0; } -static krb5_error_code -krb5_krcc_parse_octet(krb5_context context, krb5_octet * i, krb5_krcc_bc * bc) +static krb5_error_code +parse_octet(krb5_context context, krb5_octet *i, krcc_bc *bc) { - return krb5_krcc_parse(context, (krb5_pointer) i, 1, bc); + return parse(context, i, 1, bc); } -static krb5_error_code -krb5_krcc_parse_addrs(krb5_context context, krb5_address *** addrs, - krb5_krcc_bc * bc) +static krb5_error_code +parse_addrs(krb5_context context, krb5_address ***addrs, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 length; + krb5_error_code ret; + int32_t length; size_t msize; - int i; + int i; *addrs = 0; /* Read the number of components */ - kret = krb5_krcc_parse_int32(context, &length, bc); - CHECK(kret); + ret = parse_int32(context, &length, bc); + CHECK(ret); /* * Make *addrs able to hold length pointers to krb5_address structs @@ -2329,76 +2059,74 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_address *** addrs, return KRB5_CC_NOMEM; for (i = 0; i < length; i++) { - (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address)); + (*addrs)[i] = malloc(sizeof(krb5_address)); if ((*addrs)[i] == NULL) { krb5_free_addresses(context, *addrs); return KRB5_CC_NOMEM; } - kret = krb5_krcc_parse_addr(context, (*addrs)[i], bc); - CHECK(kret); + ret = parse_addr(context, (*addrs)[i], bc); + CHECK(ret); } - return KRB5_OK; + return 0; errout: if (*addrs) krb5_free_addresses(context, *addrs); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_addr(krb5_context context, krb5_address * addr, - krb5_krcc_bc * bc) +static krb5_error_code +parse_addr(krb5_context context, krb5_address *addr, krcc_bc *bc) { - krb5_error_code kret; - krb5_ui_2 ui2; - krb5_int32 int32; + krb5_error_code ret; + uint16_t ui2; + int32_t int32; addr->magic = KV5M_ADDRESS; addr->contents = 0; - kret = krb5_krcc_parse_ui_2(context, &ui2, bc); - CHECK(kret); + ret = parse_uint16(context, &ui2, bc); + CHECK(ret); addr->addrtype = ui2; - kret = krb5_krcc_parse_int32(context, &int32, bc); - CHECK(kret); + ret = parse_int32(context, &int32, bc); + CHECK(ret); if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; addr->length = int32; if (addr->length == 0) - return KRB5_OK; + return 0; - addr->contents = (krb5_octet *) malloc(addr->length); + addr->contents = malloc(addr->length); if (addr->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_krcc_parse(context, addr->contents, addr->length, bc); - CHECK(kret); + ret = parse(context, addr->contents, addr->length, bc); + CHECK(ret); - return KRB5_OK; + return 0; errout: if (addr->contents) free(addr->contents); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_authdata(krb5_context context, krb5_authdata *** a, - krb5_krcc_bc * bc) +static krb5_error_code +parse_authdata(krb5_context context, krb5_authdata ***a, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 length; + krb5_error_code ret; + int32_t length; size_t msize; int i; *a = 0; /* Read the number of components */ - kret = krb5_krcc_parse_int32(context, &length, bc); - CHECK(kret); + ret = parse_int32(context, &length, bc); + CHECK(ret); if (length == 0) - return KRB5_OK; + return 0; /* * Make *a able to hold length pointers to krb5_authdata structs @@ -2412,71 +2140,70 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_authdata *** a, return KRB5_CC_NOMEM; for (i = 0; i < length; i++) { - (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata)); + (*a)[i] = malloc(sizeof(krb5_authdata)); if ((*a)[i] == NULL) { krb5_free_authdata(context, *a); *a = NULL; return KRB5_CC_NOMEM; } - kret = krb5_krcc_parse_authdatum(context, (*a)[i], bc); - CHECK(kret); + ret = parse_authdatum(context, (*a)[i], bc); + CHECK(ret); } - return KRB5_OK; + return 0; errout: if (*a) { krb5_free_authdata(context, *a); *a = NULL; } - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_authdatum(krb5_context context, krb5_authdata * a, - krb5_krcc_bc * bc) +static krb5_error_code +parse_authdatum(krb5_context context, krb5_authdata *a, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 int32; - krb5_ui_2 ui2; + krb5_error_code ret; + int32_t int32; + uint16_t ui2; a->magic = KV5M_AUTHDATA; a->contents = NULL; - kret = krb5_krcc_parse_ui_2(context, &ui2, bc); - CHECK(kret); - a->ad_type = (krb5_authdatatype) ui2; - kret = krb5_krcc_parse_int32(context, &int32, bc); - CHECK(kret); + ret = parse_uint16(context, &ui2, bc); + CHECK(ret); + a->ad_type = ui2; + ret = parse_int32(context, &int32, bc); + CHECK(ret); if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; a->length = int32; if (a->length == 0) - return KRB5_OK; + return 0; - a->contents = (krb5_octet *) malloc(a->length); + a->contents = malloc(a->length); if (a->contents == NULL) return KRB5_CC_NOMEM; - kret = krb5_krcc_parse(context, a->contents, a->length, bc); - CHECK(kret); + ret = parse(context, a->contents, a->length, bc); + CHECK(ret); - return KRB5_OK; + return 0; errout: if (a->contents) free(a->contents); - return kret; + return ret; } -static krb5_error_code -krb5_krcc_parse_ui_2(krb5_context context, krb5_ui_2 * i, krb5_krcc_bc * bc) +static krb5_error_code +parse_uint16(krb5_context context, uint16_t *i, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; unsigned char buf[2]; - kret = krb5_krcc_parse(context, buf, 2, bc); - if (kret) - return kret; + ret = parse(context, buf, 2, bc); + if (ret) + return ret; *i = load_16_be(buf); return 0; } @@ -2493,14 +2220,13 @@ krb5_krcc_parse_ui_2(krb5_context context, krb5_ui_2 * i, krb5_krcc_bc * bc) * Errors: * system errors */ -static krb5_error_code -krb5_krcc_unparse(krb5_context context, krb5_pointer buf, unsigned int len, - krb5_krcc_bc * bc) +static krb5_error_code +unparse(krb5_context context, void *buf, unsigned int len, krcc_bc *bc) { if (bc->bpp == NULL) { /* This is a dry run; just increase size and return. */ bc->size += len; - return KRB5_OK; + return 0; } if (bc->bpp + len > bc->endp) @@ -2509,100 +2235,93 @@ krb5_krcc_unparse(krb5_context context, krb5_pointer buf, unsigned int len, memcpy(bc->bpp, buf, len); bc->bpp += len; - return KRB5_OK; + return 0; } -static krb5_error_code -krb5_krcc_unparse_principal(krb5_context context, krb5_principal princ, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_principal(krb5_context context, krb5_principal princ, krcc_bc *bc) { - krb5_error_code kret; - krb5_int32 i, length, tmp, type; + krb5_error_code ret; + int32_t i, length, tmp, type; type = princ->type; tmp = length = princ->length; - kret = krb5_krcc_unparse_int32(context, type, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, type, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_int32(context, tmp, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, tmp, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_krb5data(context, &princ->realm, bc); - CHECK_OUT(kret); + ret = unparse_krb5data(context, &princ->realm, bc); + CHECK_OUT(ret); for (i = 0; i < length; i++) { - kret = krb5_krcc_unparse_krb5data(context, &princ->data[i], bc); - CHECK_OUT(kret); + ret = unparse_krb5data(context, &princ->data[i], bc); + CHECK_OUT(ret); } - return KRB5_OK; + return 0; } -static krb5_error_code -krb5_krcc_unparse_keyblock(krb5_context context, krb5_keyblock * keyblock, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_keyblock(krb5_context context, krb5_keyblock *keyblock, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_ui_2(context, keyblock->enctype, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_ui_4(context, keyblock->length, bc); - CHECK_OUT(kret); - return krb5_krcc_unparse(context, (char *) keyblock->contents, - keyblock->length, bc); + ret = unparse_uint16(context, keyblock->enctype, bc); + CHECK_OUT(ret); + ret = unparse_uint32(context, keyblock->length, bc); + CHECK_OUT(ret); + return unparse(context, keyblock->contents, keyblock->length, bc); } -static krb5_error_code -krb5_krcc_unparse_times(krb5_context context, krb5_ticket_times * t, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_times(krb5_context context, krb5_ticket_times *t, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_int32(context, t->authtime, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_int32(context, t->starttime, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_int32(context, t->endtime, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_int32(context, t->renew_till, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, t->authtime, bc); + CHECK_OUT(ret); + ret = unparse_int32(context, t->starttime, bc); + CHECK_OUT(ret); + ret = unparse_int32(context, t->endtime, bc); + CHECK_OUT(ret); + ret = unparse_int32(context, t->renew_till, bc); + CHECK_OUT(ret); return 0; } -static krb5_error_code -krb5_krcc_unparse_krb5data(krb5_context context, krb5_data * data, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_krb5data(krb5_context context, krb5_data *data, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_ui_4(context, data->length, bc); - CHECK_OUT(kret); - return krb5_krcc_unparse(context, data->data, data->length, bc); + ret = unparse_uint32(context, data->length, bc); + CHECK_OUT(ret); + return unparse(context, data->data, data->length, bc); } -static krb5_error_code -krb5_krcc_unparse_int32(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc) +static krb5_error_code +unparse_int32(krb5_context context, int32_t i, krcc_bc *bc) { - return krb5_krcc_unparse_ui_4(context, (krb5_ui_4) i, bc); + return unparse_uint32(context, i, bc); } -static krb5_error_code -krb5_krcc_unparse_octet(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc) +static krb5_error_code +unparse_octet(krb5_context context, int32_t i, krcc_bc *bc) { - krb5_octet ibuf; + unsigned char ibuf = i; - ibuf = (krb5_octet) i; - return krb5_krcc_unparse(context, (char *) &ibuf, 1, bc); + return unparse(context, (char *)&ibuf, 1, bc); } -static krb5_error_code -krb5_krcc_unparse_addrs(krb5_context context, krb5_address ** addrs, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_addrs(krb5_context context, krb5_address **addrs, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; krb5_address **temp; - krb5_int32 i, length = 0; + int32_t i, length = 0; /* Count the number of components */ if (addrs) { @@ -2611,82 +2330,77 @@ krb5_krcc_unparse_addrs(krb5_context context, krb5_address ** addrs, length += 1; } - kret = krb5_krcc_unparse_int32(context, length, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, length, bc); + CHECK_OUT(ret); for (i = 0; i < length; i++) { - kret = krb5_krcc_unparse_addr(context, addrs[i], bc); - CHECK_OUT(kret); + ret = unparse_addr(context, addrs[i], bc); + CHECK_OUT(ret); } - return KRB5_OK; + return 0; } -static krb5_error_code -krb5_krcc_unparse_addr(krb5_context context, krb5_address * addr, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_addr(krb5_context context, krb5_address *addr, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_ui_2(context, addr->addrtype, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_ui_4(context, addr->length, bc); - CHECK_OUT(kret); - return krb5_krcc_unparse(context, (char *) addr->contents, - addr->length, bc); + ret = unparse_uint16(context, addr->addrtype, bc); + CHECK_OUT(ret); + ret = unparse_uint32(context, addr->length, bc); + CHECK_OUT(ret); + return unparse(context, addr->contents, addr->length, bc); } -static krb5_error_code -krb5_krcc_unparse_authdata(krb5_context context, - krb5_authdata ** a, krb5_krcc_bc * bc) +static krb5_error_code +unparse_authdata(krb5_context context, krb5_authdata **a, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; krb5_authdata **temp; - krb5_int32 i, length = 0; + int32_t i, length = 0; if (a != NULL) { for (temp = a; *temp; temp++) length++; } - kret = krb5_krcc_unparse_int32(context, length, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, length, bc); + CHECK_OUT(ret); for (i = 0; i < length; i++) { - kret = krb5_krcc_unparse_authdatum(context, a[i], bc); - CHECK_OUT(kret); + ret = unparse_authdatum(context, a[i], bc); + CHECK_OUT(ret); } - return KRB5_OK; + return 0; } -static krb5_error_code -krb5_krcc_unparse_authdatum(krb5_context context, krb5_authdata * a, - krb5_krcc_bc * bc) +static krb5_error_code +unparse_authdatum(krb5_context context, krb5_authdata *a, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_ui_2(context, a->ad_type, bc); - CHECK_OUT(kret); - kret = krb5_krcc_unparse_ui_4(context, a->length, bc); - CHECK_OUT(kret); - return krb5_krcc_unparse(context, (krb5_pointer) a->contents, - a->length, bc); + ret = unparse_uint16(context, a->ad_type, bc); + CHECK_OUT(ret); + ret = unparse_uint32(context, a->length, bc); + CHECK_OUT(ret); + return unparse(context, a->contents, a->length, bc); } -static krb5_error_code -krb5_krcc_unparse_ui_4(krb5_context context, krb5_ui_4 i, krb5_krcc_bc * bc) +static krb5_error_code +unparse_uint32(krb5_context context, uint32_t i, krcc_bc *bc) { unsigned char buf[4]; store_32_be(i, buf); - return krb5_krcc_unparse(context, buf, 4, bc); + return unparse(context, buf, 4, bc); } -static krb5_error_code -krb5_krcc_unparse_ui_2(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc) +static krb5_error_code +unparse_uint16(krb5_context context, int32_t i, krcc_bc *bc) { unsigned char buf[2]; store_16_be(i, buf); - return krb5_krcc_unparse(context, buf, 2, bc); + return unparse(context, buf, 2, bc); } /* @@ -2701,57 +2415,56 @@ krb5_krcc_unparse_ui_2(krb5_context context, krb5_int32 i, krb5_krcc_bc * bc) * for storage into a keyring key entry. * Caller is responsible for freeing returned buffer. */ -static krb5_error_code -krb5_krcc_unparse_cred(krb5_context context, krb5_creds * creds, - krb5_krcc_bc *bc) +static krb5_error_code +unparse_cred(krb5_context context, krb5_creds *creds, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_principal(context, creds->client, bc); - CHECK_OUT(kret); + ret = unparse_principal(context, creds->client, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_principal(context, creds->server, bc); - CHECK_OUT(kret); + ret = unparse_principal(context, creds->server, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_keyblock(context, &creds->keyblock, bc); - CHECK_OUT(kret); + ret = unparse_keyblock(context, &creds->keyblock, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_times(context, &creds->times, bc); - CHECK_OUT(kret); + ret = unparse_times(context, &creds->times, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_octet(context, (krb5_int32) creds->is_skey, bc); - CHECK_OUT(kret); + ret = unparse_octet(context, creds->is_skey, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_int32(context, creds->ticket_flags, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, creds->ticket_flags, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_addrs(context, creds->addresses, bc); - CHECK_OUT(kret); + ret = unparse_addrs(context, creds->addresses, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_authdata(context, creds->authdata, bc); - CHECK_OUT(kret); + ret = unparse_authdata(context, creds->authdata, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_krb5data(context, &creds->ticket, bc); - CHECK_OUT(kret); - CHECK(kret); + ret = unparse_krb5data(context, &creds->ticket, bc); + CHECK_OUT(ret); + CHECK(ret); - kret = krb5_krcc_unparse_krb5data(context, &creds->second_ticket, bc); - CHECK_OUT(kret); + ret = unparse_krb5data(context, &creds->second_ticket, bc); + CHECK_OUT(ret); /* Success! */ - kret = KRB5_OK; + ret = 0; errout: - return kret; + return ret; } -static krb5_error_code -krb5_krcc_unparse_cred_alloc(krb5_context context, krb5_creds * creds, - char **datapp, unsigned int *lenptr) +static krb5_error_code +unparse_cred_alloc(krb5_context context, krb5_creds *creds, char **datapp, + unsigned int *lenptr) { - krb5_error_code kret; + krb5_error_code ret; char *buf = NULL; - krb5_krcc_bc bc; + krcc_bc bc; if (!creds || !datapp || !lenptr) return EINVAL; @@ -2762,8 +2475,8 @@ krb5_krcc_unparse_cred_alloc(krb5_context context, krb5_creds * creds, /* Do a dry run first to calculate the size. */ bc.bpp = bc.endp = NULL; bc.size = 0; - kret = krb5_krcc_unparse_cred(context, creds, &bc); - CHECK(kret); + ret = unparse_cred(context, creds, &bc); + CHECK(ret); if (bc.size > MAX_CRED_SIZE) return KRB5_CC_WRITE; @@ -2773,66 +2486,66 @@ krb5_krcc_unparse_cred_alloc(krb5_context context, krb5_creds * creds, return KRB5_CC_NOMEM; bc.bpp = buf; bc.endp = buf + bc.size; - kret = krb5_krcc_unparse_cred(context, creds, &bc); - CHECK(kret); + ret = unparse_cred(context, creds, &bc); + CHECK(ret); /* Success! */ *datapp = buf; *lenptr = bc.bpp - buf; buf = NULL; - kret = KRB5_OK; + ret = 0; errout: free(buf); - return kret; + return ret; } static krb5_error_code -krb5_krcc_parse_index(krb5_context context, krb5_int32 *version, - char **primary, void *payload, int psize) +parse_index(krb5_context context, int32_t *version, char **primary, + void *payload, int psize) { - krb5_error_code kret; - krb5_krcc_bc bc; + krb5_error_code ret; + krcc_bc bc; krb5_data data; bc.bpp = payload; bc.endp = bc.bpp + psize; - kret = krb5_krcc_parse_int32(context, version, &bc); - CHECK_OUT(kret); + ret = parse_int32(context, version, &bc); + CHECK_OUT(ret); - kret = krb5_krcc_parse_krb5data(context, &data, &bc); - CHECK_OUT(kret); + ret = parse_krb5data(context, &data, &bc); + CHECK_OUT(ret); *primary = (char *)data.data; - return KRB5_OK; + return 0; } static krb5_error_code -krb5_krcc_unparse_index_internal(krb5_context context, krb5_int32 version, - const char *primary, krb5_krcc_bc *bc) +unparse_index_internal(krb5_context context, int32_t version, + const char *primary, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; krb5_data data; data.length = strlen(primary) + 1; data.data = (void *)primary; - kret = krb5_krcc_unparse_int32(context, version, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, version, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_krb5data(context, &data, bc); - CHECK_OUT(kret); + ret = unparse_krb5data(context, &data, bc); + CHECK_OUT(ret); - return KRB5_OK; + return 0; } static krb5_error_code -krb5_krcc_unparse_index(krb5_context context, krb5_int32 version, - const char *primary, void **datapp, int *lenptr) +unparse_index(krb5_context context, int32_t version, const char *primary, + void **datapp, int *lenptr) { - krb5_error_code kret; - krb5_krcc_bc bc; + krb5_error_code ret; + krcc_bc bc; char *buf; if (!primary || !datapp || !lenptr) @@ -2844,8 +2557,8 @@ krb5_krcc_unparse_index(krb5_context context, krb5_int32 version, /* Do a dry run first to calculate the size. */ bc.bpp = bc.endp = NULL; bc.size = 0; - kret = krb5_krcc_unparse_index_internal(context, version, primary, &bc); - CHECK_OUT(kret); + ret = unparse_index_internal(context, version, primary, &bc); + CHECK_OUT(ret); buf = malloc(bc.size); if (buf == NULL) @@ -2853,62 +2566,60 @@ krb5_krcc_unparse_index(krb5_context context, krb5_int32 version, bc.bpp = buf; bc.endp = buf + bc.size; - kret = krb5_krcc_unparse_index_internal(context, version, primary, &bc); - CHECK(kret); + ret = unparse_index_internal(context, version, primary, &bc); + CHECK(ret); /* Success! */ *datapp = buf; *lenptr = bc.bpp - buf; - kret = KRB5_OK; + ret = 0; errout: - if (kret) + if (ret) free(buf); - return kret; + return ret; } static krb5_error_code -krb5_krcc_parse_offsets(krb5_context context, krb5_int32 *time_offset, - krb5_int32 *usec_offset, void *payload, int psize) +parse_offsets(krb5_context context, int32_t *time_offset, int32_t *usec_offset, + void *payload, int psize) { - krb5_error_code kret; - krb5_krcc_bc bc; + krb5_error_code ret; + krcc_bc bc; bc.bpp = payload; bc.endp = bc.bpp + psize; - kret = krb5_krcc_parse_int32(context, time_offset, &bc); - CHECK_OUT(kret); + ret = parse_int32(context, time_offset, &bc); + CHECK_OUT(ret); - kret = krb5_krcc_parse_int32(context, usec_offset, &bc); - CHECK_OUT(kret); + ret = parse_int32(context, usec_offset, &bc); + CHECK_OUT(ret); - return KRB5_OK; + return 0; } static krb5_error_code -krb5_krcc_unparse_offsets_internal(krb5_context context, - krb5_int32 time_offset, - krb5_int32 usec_offset, - krb5_krcc_bc *bc) +unparse_offsets_internal(krb5_context context, int32_t time_offset, + int32_t usec_offset, krcc_bc *bc) { - krb5_error_code kret; + krb5_error_code ret; - kret = krb5_krcc_unparse_int32(context, time_offset, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, time_offset, bc); + CHECK_OUT(ret); - kret = krb5_krcc_unparse_int32(context, usec_offset, bc); - CHECK_OUT(kret); + ret = unparse_int32(context, usec_offset, bc); + CHECK_OUT(ret); - return KRB5_OK; + return 0; } static krb5_error_code -krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset, - krb5_int32 usec_offset, void **datapp, int *lenptr) +unparse_offsets(krb5_context context, int32_t time_offset, int32_t usec_offset, + void **datapp, int *lenptr) { - krb5_error_code kret; - krb5_krcc_bc bc; + krb5_error_code ret; + krcc_bc bc; char *buf; if (!datapp || !lenptr) @@ -2920,9 +2631,8 @@ krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset, /* Do a dry run first to calculate the size. */ bc.bpp = bc.endp = NULL; bc.size = 0; - kret = krb5_krcc_unparse_offsets_internal(context, time_offset, - usec_offset, &bc); - CHECK_OUT(kret); + ret = unparse_offsets_internal(context, time_offset, usec_offset, &bc); + CHECK_OUT(ret); buf = malloc(bc.size); if (buf == NULL) @@ -2930,36 +2640,34 @@ krb5_krcc_unparse_offsets(krb5_context context, krb5_int32 time_offset, bc.bpp = buf; bc.endp = buf + bc.size; - kret = krb5_krcc_unparse_offsets_internal(context, time_offset, - usec_offset, &bc); - CHECK(kret); + ret = unparse_offsets_internal(context, time_offset, usec_offset, &bc); + CHECK(ret); /* Success! */ *datapp = buf; *lenptr = bc.bpp - buf; - kret = KRB5_OK; + ret = 0; errout: - if (kret) + if (ret) free(buf); - return kret; + return ret; } /* - * Utility routine: called by krb5_krcc_* functions to keep - * result of krb5_krcc_last_change_time up to date. + * Utility routine: called by krcc_* functions to keep + * result of krcc_last_change_time up to date. * Value monotonically increases -- based on but not guaranteed to be actual * system time. */ static void -krb5_krcc_update_change_time(krb5_krcc_data *d) +krcc_update_change_time(krcc_data *data) { krb5_timestamp now_time = time(NULL); - d->changetime = (d->changetime >= now_time) ? - d->changetime + 1 : now_time; + data->changetime = (data->changetime >= now_time) ? + data->changetime + 1 : now_time; } - /* * ccache implementation storing credentials in the Linux keyring facility * The default is to put them at the session keyring level. @@ -2969,30 +2677,30 @@ krb5_krcc_update_change_time(krb5_krcc_data *d) const krb5_cc_ops krb5_krcc_ops = { 0, "KEYRING", - krb5_krcc_get_name, - krb5_krcc_resolve, - krb5_krcc_generate_new, - krb5_krcc_initialize, - krb5_krcc_destroy, - krb5_krcc_close, - krb5_krcc_store, - krb5_krcc_retrieve, - krb5_krcc_get_principal, - krb5_krcc_start_seq_get, - krb5_krcc_next_cred, - krb5_krcc_end_seq_get, - krb5_krcc_remove_cred, - krb5_krcc_set_flags, - krb5_krcc_get_flags, /* added after 1.4 release */ - krb5_krcc_ptcursor_new, - krb5_krcc_ptcursor_next, - krb5_krcc_ptcursor_free, + krcc_get_name, + krcc_resolve, + krcc_generate_new, + krcc_initialize, + krcc_destroy, + krcc_close, + krcc_store, + krcc_retrieve, + krcc_get_principal, + krcc_start_seq_get, + krcc_next_cred, + krcc_end_seq_get, + krcc_remove_cred, + krcc_set_flags, + krcc_get_flags, /* added after 1.4 release */ + krcc_ptcursor_new, + krcc_ptcursor_next, + krcc_ptcursor_free, NULL, /* move */ - krb5_krcc_last_change_time, /* lastchange */ + krcc_last_change_time, /* lastchange */ NULL, /* wasdefault */ - krb5_krcc_lock, - krb5_krcc_unlock, - krb5_krcc_switch_to, + krcc_lock, + krcc_unlock, + krcc_switch_to, }; #else /* !USE_KEYRING_CCACHE */ -- cgit