From 5287b672cbba97a5c30ca79954101bd134a30eca Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 23 Sep 2016 14:49:09 +0200
Subject: [PATCH 26/36] KCM: Implement KCM server operations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Implements the actual KCM server operations. On a high level, each
operation unmarhalls the needed data from the input buffer, calls into
the ccache db and marshalls a response.
Only the operations that are also implemented by the MIT client are
implemented by our KCM server.
Resolves:
https://pagure.io/SSSD/sssd/issue/2887
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
Makefile.am | 2 +
src/responder/kcm/kcmsrv_cmd.c | 151 +++-
src/responder/kcm/kcmsrv_ops.c | 1954 ++++++++++++++++++++++++++++++++++++++++
src/responder/kcm/kcmsrv_ops.h | 45 +
4 files changed, 2143 insertions(+), 9 deletions(-)
create mode 100644 src/responder/kcm/kcmsrv_ops.c
create mode 100644 src/responder/kcm/kcmsrv_ops.h
diff --git a/Makefile.am b/Makefile.am
index 5605c1a53c44fd9e83394e80b7f71828df1d39b6..49b4cabf9ee3ce1417f955c972376894f3709b33 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -714,6 +714,7 @@ dist_noinst_HEADERS = \
src/responder/kcm/kcmsrv_ccache.h \
src/responder/kcm/kcmsrv_ccache_pvt.h \
src/responder/kcm/kcmsrv_ccache_be.h \
+ src/responder/kcm/kcmsrv_ops.h \
src/sbus/sbus_client.h \
src/sbus/sssd_dbus.h \
src/sbus/sssd_dbus_meta.h \
@@ -1493,6 +1494,7 @@ sssd_kcm_SOURCES = \
src/responder/kcm/kcmsrv_cmd.c \
src/responder/kcm/kcmsrv_ccache.c \
src/responder/kcm/kcmsrv_ccache_mem.c \
+ src/responder/kcm/kcmsrv_ops.c \
src/util/sss_sockets.c \
src/util/sss_krb5.c \
src/util/sss_iobuf.c \
diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c
index cbf70353730d8a4e03d8f75c97395f4ef007e77f..537e88953fd1a190a9a73bcdd430d8e0db8f9291 100644
--- a/src/responder/kcm/kcmsrv_cmd.c
+++ b/src/responder/kcm/kcmsrv_cmd.c
@@ -23,10 +23,10 @@
#include "config.h"
#include "util/util.h"
-#include "util/sss_iobuf.h"
#include "responder/common/responder.h"
#include "responder/kcm/kcmsrv_pvt.h"
#include "responder/kcm/kcm.h"
+#include "responder/kcm/kcmsrv_ops.h"
/* The first four bytes of a message is always the size */
#define KCM_MSG_LEN_SIZE 4
@@ -133,7 +133,6 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,
{
size_t lc = 0;
size_t mc = 0;
- uint16_t opcode = 0;
uint16_t opcode_be = 0;
uint32_t len_be = 0;
uint32_t msglen;
@@ -162,7 +161,7 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,
return EBADMSG;
}
- /* First 16 bits are 8 bit major and 8bit major protocol version */
+ /* First 16 bits are 8 bit major and 8bit minor protocol version */
SAFEALIGN_COPY_UINT8_CHECK(&proto_maj,
reqbuf->v_msg.kiov_base + mc,
reqbuf->v_msg.kiov_len,
@@ -191,8 +190,16 @@ static errno_t kcm_input_parse(struct kcm_reqbuf *reqbuf,
reqbuf->v_msg.kiov_len,
&mc);
- opcode = be16toh(opcode_be);
- DEBUG(SSSDBG_TRACE_LIBS, "Received operation code %"PRIu16"\n", opcode);
+ op_io->op = kcm_get_opt(be16toh(opcode_be));
+ if (op_io->op == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Did not find a KCM operation handler for the requested opcode\n");
+ return ERR_KCM_MALFORMED_IN_PKT;
+ }
+
+ /* The operation only receives the payload, not the opcode or the protocol info */
+ op_io->request.data = reqbuf->v_msg.kiov_base + mc;
+ op_io->request.length = reqbuf->v_msg.nprocessed - mc;
return EOK;
}
@@ -240,6 +247,46 @@ static errno_t kcm_failbuf_construct(errno_t ret,
c = 0;
SAFEALIGN_SETMEM_UINT32(repbuf->rcbuf, htobe32(ret), &c);
+ DEBUG(SSSDBG_TRACE_LIBS, "Sent reply with error %d\n", ret);
+ return EOK;
+}
+
+/* retcode is 0 if the operation at least ran, non-zero if there
+ * was some kind of internal KCM error, like input couldn't be parsed
+ */
+static errno_t kcm_output_construct(struct kcm_op_io *op_io,
+ struct kcm_repbuf *repbuf)
+{
+ size_t c;
+ size_t replen;
+
+ replen = sss_iobuf_get_len(op_io->reply);
+ if (replen > KCM_PACKET_MAX_SIZE) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Reply exceeds the KCM protocol limit, aborting\n");
+ return E2BIG;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Sending a reply with %zu bytes of payload\n", replen);
+ c = 0;
+ SAFEALIGN_SETMEM_UINT32(repbuf->lenbuf, htobe32(replen), &c);
+
+ c = 0;
+ SAFEALIGN_SETMEM_UINT32(repbuf->rcbuf, 0, &c);
+
+ if (replen > 0) {
+ c = 0;
+ SAFEALIGN_MEMCPY_CHECK(repbuf->msgbuf,
+ sss_iobuf_get_data(op_io->reply),
+ replen,
+ repbuf->v_msg.kiov_len,
+ &c);
+
+ /* Length of the buffer to send to KCM client */
+ repbuf->v_msg.kiov_len = replen;
+ }
+
return EOK;
}
@@ -260,7 +307,8 @@ static void kcm_reply_error(struct cli_ctx *cctx,
ret = kcm_failbuf_construct(kerr, repbuf);
if (ret != EOK) {
- /* If we can't construct the reply buffer, just terminate the client */
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot construct the reply buffer, terminating client\n");
talloc_free(cctx);
return;
}
@@ -268,6 +316,24 @@ static void kcm_reply_error(struct cli_ctx *cctx,
TEVENT_FD_WRITEABLE(cctx->cfde);
}
+static void kcm_send_reply(struct cli_ctx *cctx,
+ struct kcm_op_io *op_io,
+ struct kcm_repbuf *repbuf)
+{
+ errno_t ret;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Sending a reply\n");
+ ret = kcm_output_construct(op_io, repbuf);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot construct the reply buffer, terminating client\n");
+ kcm_reply_error(cctx, ret, repbuf);
+ return;
+ }
+
+ TEVENT_FD_WRITEABLE(cctx->cfde);
+}
+
/**
* Request-reply dispatcher
*/
@@ -285,17 +351,67 @@ struct kcm_req_ctx {
struct kcm_op_io op_io;
};
+static void kcm_cmd_request_done(struct tevent_req *req);
+
+static errno_t kcm_cmd_dispatch(struct kcm_req_ctx *req_ctx)
+{
+ struct tevent_req *req;
+ struct cli_ctx *cctx;
+
+ cctx = req_ctx->cctx;
+
+ req = kcm_cmd_send(req_ctx, cctx->ev, req_ctx->kctx->kcm_data,
+ req_ctx->cctx->creds,
+ &req_ctx->op_io.request,
+ req_ctx->op_io.op);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to schedule KCM operation.\n");
+ return ENOMEM;
+ }
+
+ tevent_req_set_callback(req, kcm_cmd_request_done, req_ctx);
+ return EOK;
+}
+
+static void kcm_cmd_request_done(struct tevent_req *req)
+{
+ struct kcm_req_ctx *req_ctx;
+ struct cli_ctx *cctx;
+ errno_t ret;
+
+ req_ctx = tevent_req_callback_data(req, struct kcm_req_ctx);
+ cctx = req_ctx->cctx;
+
+ ret = kcm_cmd_recv(req_ctx, req,
+ &req_ctx->op_io.reply);
+ talloc_free(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "KCM operation failed [%d]: %s\n", ret, sss_strerror(ret));
+ kcm_reply_error(cctx, ret, &req_ctx->repbuf);
+ return;
+ }
+
+ kcm_send_reply(cctx, &req_ctx->op_io, &req_ctx->repbuf);
+}
+
static errno_t kcm_recv_data(int fd, struct kcm_reqbuf *reqbuf)
{
errno_t ret;
ret = kcm_read_iovec(fd, &reqbuf->v_len);
if (ret != EOK) {
+ /* Not all errors are fatal, hence we don't print DEBUG messages
+ * here, but in the caller
+ */
return ret;
}
ret = kcm_read_iovec(fd, &reqbuf->v_msg);
if (ret != EOK) {
+ /* Not all errors are fatal, hence we don't print DEBUG messages
+ * here, but in the caller
+ */
return ret;
}
@@ -389,7 +505,15 @@ static void kcm_recv(struct cli_ctx *cctx)
/* do not read anymore, client is done sending */
TEVENT_FD_NOT_READABLE(cctx->cfde);
- kcm_reply_error(cctx, ret, &req->repbuf);
+ ret = kcm_cmd_dispatch(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to dispatch KCM operation [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto fail;
+ }
+
+ /* Dispatched request resumes in kcm_cmd_request_done */
return;
fail:
@@ -406,16 +530,25 @@ static int kcm_send_data(struct cli_ctx *cctx)
ret = kcm_write_iovec(cctx->cfd, &req->repbuf.v_len);
if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to write the length iovec [%d]: %s\n",
+ ret, sss_strerror(ret));
return ret;
}
ret = kcm_write_iovec(cctx->cfd, &req->repbuf.v_rc);
if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to write the retcode iovec [%d]: %s\n",
+ ret, sss_strerror(ret));
return ret;
}
ret = kcm_write_iovec(cctx->cfd, &req->repbuf.v_msg);
if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to write the msg iovec [%d]: %s\n",
+ ret, sss_strerror(ret));
return ret;
}
@@ -428,7 +561,7 @@ static void kcm_send(struct cli_ctx *cctx)
ret = kcm_send_data(cctx);
if (ret == EAGAIN) {
- /* not all data was sent, loop again */
+ DEBUG(SSSDBG_TRACE_ALL, "Sending data again..\n");
return;
} else if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to send data, aborting client!\n");
@@ -436,7 +569,7 @@ static void kcm_send(struct cli_ctx *cctx)
return;
}
- /* ok all sent */
+ DEBUG(SSSDBG_TRACE_INTERNAL, "All data sent!\n");
TEVENT_FD_NOT_WRITEABLE(cctx->cfde);
TEVENT_FD_READABLE(cctx->cfde);
talloc_zfree(cctx->state_ctx);
diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c
new file mode 100644
index 0000000000000000000000000000000000000000..50e8cc635424e15d53e3c8d122c5525044f59c8a
--- /dev/null
+++ b/src/responder/kcm/kcmsrv_ops.c
@@ -0,0 +1,1954 @@
+/*
+ SSSD
+
+ KCM Server - the KCM server operations
+
+ Copyright (C) Red Hat, 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <krb5/krb5.h>
+
+#include "util/sss_iobuf.h"
+#include "util/sss_krb5.h"
+#include "util/util_creds.h"
+#include "responder/kcm/kcm.h"
+#include "responder/kcm/kcmsrv_pvt.h"
+#include "responder/kcm/kcmsrv_ops.h"
+#include "responder/kcm/kcmsrv_ccache.h"
+
+#define KCM_REPLY_MAX 2048
+
+struct kcm_op_ctx {
+ struct kcm_resp_ctx *kcm_data;
+ struct cli_creds *client;
+
+ struct sss_iobuf *input;
+ struct sss_iobuf *reply;
+};
+
+/* Each operation follows the same pattern and is implemented using
+ * functions with this prototype. The operation receives an op_ctx
+ * that serves as a state of the operation and can be used to keep
+ * track of any temporary data. The operation writes its output data
+ * into the op_ctx reply IO buffer and returns the op_ret status code
+ * separately.
+ *
+ * The operation always returns EOK unless an internal error occurs,
+ * the result of the operation is stored in the op_ret variable
+ */
+typedef struct tevent_req*
+(*kcm_srv_send_method)(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx);
+typedef errno_t
+(*kcm_srv_recv_method)(struct tevent_req *req,
+ uint32_t *_op_ret);
+
+struct kcm_op {
+ const char *name;
+ kcm_srv_send_method fn_send;
+ kcm_srv_recv_method fn_recv;
+};
+
+struct kcm_cmd_state {
+ struct kcm_op *op;
+
+ struct kcm_op_ctx *op_ctx;
+ struct sss_iobuf *reply;
+
+ uint32_t op_ret;
+};
+
+static void kcm_cmd_done(struct tevent_req *subreq);
+
+struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_resp_ctx *kcm_data,
+ struct cli_creds *client,
+ struct kcm_data *input,
+ struct kcm_op *op)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_cmd_state *state = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_cmd_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op = op;
+
+ if (op == NULL) {
+ ret = EINVAL;
+ goto immediate;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC, "KCM operation %s\n", op->name);
+ DEBUG(SSSDBG_TRACE_LIBS, "%zu bytes on KCM input\n", input->length);
+
+ state->reply = sss_iobuf_init_empty(state,
+ KCM_REPLY_MAX,
+ KCM_REPLY_MAX);
+ if (state->reply == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+
+ if (op->fn_send == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "KCM op %s has no handler\n", kcm_opt_name(op));
+ ret = ERR_KCM_OP_NOT_IMPLEMENTED;
+ goto immediate;
+ }
+
+ /* Allocating op_ctx on the heap makes it possible for operations to use
+ * op_ctx as their temporary context and avoid tmp_ctx altogether
+ */
+ state->op_ctx = talloc_zero(state, struct kcm_op_ctx);
+ if (state->op_ctx == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+
+ state->op_ctx->kcm_data = kcm_data;
+ state->op_ctx->client = client;
+
+ state->op_ctx->input = sss_iobuf_init_readonly(state->op_ctx,
+ input->data,
+ input->length);
+ if (state->op_ctx->input == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+
+ /*
+ * The internal operation returns the opcode and the buffer separately.
+ * The KCM server reply to the client also always contains zero if the
+ * operation ran to completion, both are uint32_t.
+ * FIXME:
+ * Alternatively, we could extend iobuf API so that we can just pass
+ * the reply's buffer+sizeof(2*uint32_t) and avoid the useless allocations
+ */
+ state->op_ctx->reply = sss_iobuf_init_empty(
+ state,
+ KCM_REPLY_MAX - 2*sizeof(uint32_t),
+ KCM_REPLY_MAX - 2*sizeof(uint32_t));
+ if (state->reply == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+
+ subreq = op->fn_send(state, ev, state->op_ctx);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_cmd_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_cmd_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
+ struct kcm_cmd_state *state = tevent_req_data(req, struct kcm_cmd_state);
+ errno_t ret;
+ krb5_error_code kerr;
+
+ ret = state->op->fn_recv(subreq, &state->op_ret);
+ talloc_free(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "op receive function failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "KCM operation %s returned [%d]: %s\n",
+ kcm_opt_name(state->op), state->op_ret, sss_strerror(state->op_ret));
+
+ kerr = sss2krb5_error(state->op_ret);
+
+ /* The first four bytes of the reply is the operation status code */
+ ret = sss_iobuf_write_uint32(state->reply, htobe32(kerr));
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sss_iobuf_write_len(state->reply,
+ sss_iobuf_get_data(state->op_ctx->reply),
+ sss_iobuf_get_len(state->op_ctx->reply));
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+errno_t kcm_cmd_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *req,
+ struct sss_iobuf **_reply)
+{
+ struct kcm_cmd_state *state = NULL;
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ state = tevent_req_data(req, struct kcm_cmd_state);
+
+ *_reply = talloc_steal(mem_ctx, state->reply);
+ return EOK;
+}
+
+/* ======= KCM operations ======= */
+
+/* Operations that don't return any extra information except for the op_ret
+ * can use this macro in the _recv function to avoid code duplication
+ */
+#define KCM_OP_RET_FROM_TYPE(req, state_type, _op_ret_out) do { \
+ state_type *state = NULL; \
+ state = tevent_req_data(req, state_type); \
+ TEVENT_REQ_RETURN_ON_ERROR(req); \
+ *_op_ret_out = state->op_ret; \
+ return EOK; \
+} while(0);
+
+struct kcm_op_common_state {
+ uint32_t op_ret;
+ struct kcm_op_ctx *op_ctx;
+ struct tevent_context *ev;
+};
+
+static errno_t kcm_op_common_recv(struct tevent_req *req,
+ uint32_t *_op_ret)
+{
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+ *_op_ret = state->op_ret;
+ return EOK;
+}
+
+/* () -> (name) */
+static void kcm_op_gen_new_done(struct tevent_req *subreq);
+
+static struct tevent_req *kcm_op_gen_new_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ subreq = kcm_ccdb_nextid_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_gen_new_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_gen_new_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ char *newid;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_nextid_recv(subreq, state, &newid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot generate a new ID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Generated a new ID %s\n", newid);
+
+ ret = sss_iobuf_write_stringz(state->op_ctx->reply, newid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot write generated ID %d: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (princ) -> () */
+struct kcm_op_initialize_state {
+ uint32_t op_ret;
+ struct kcm_op_ctx *op_ctx;
+ struct tevent_context *ev;
+
+ struct kcm_ccache *new_cc;
+ const char *name;
+ krb5_principal princ;
+};
+
+static void kcm_op_initialize_got_byname(struct tevent_req *subreq);
+static void kcm_op_initialize_cc_create_done(struct tevent_req *subreq);
+static void kcm_op_initialize_cc_delete_done(struct tevent_req *subreq);
+static void kcm_op_initialize_create_step(struct tevent_req *req);
+static void kcm_op_initialize_got_default(struct tevent_req *subreq);
+static void kcm_op_initialize_set_default_done(struct tevent_req *subreq);
+
+static struct tevent_req *kcm_op_initialize_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_initialize_state *state = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_initialize_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &state->name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot read input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Initializing ccache %s\n", state->name);
+
+ ret = kcm_check_name(state->name, op_ctx->client);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Name %s is malformed [%d]: %s\n",
+ state->name, ret, sss_strerror(ret));
+ goto immediate;
+ }
+
+ ret = sss_krb5_unmarshal_princ(op_ctx, op_ctx->input, &state->princ);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot unmarshal principal [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+
+ subreq = kcm_ccdb_getbyname_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ state->name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_initialize_got_byname, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_initialize_got_byname(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_initialize_state *state = tevent_req_data(req,
+ struct kcm_op_initialize_state);
+ bool ok;
+ uuid_t uuid;
+
+ ret = kcm_ccdb_getbyname_recv(subreq, state, &state->new_cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (state->new_cc != NULL) {
+ ok = kcm_cc_access(state->new_cc, state->op_ctx->client);
+ if (!ok) {
+ state->op_ret = EACCES;
+ tevent_req_done(req);
+ return;
+ }
+
+ ret = kcm_cc_get_uuid(state->new_cc, uuid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get new ccache UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ return;
+ }
+
+ /* Nuke any previous cache and its contents during initialization */
+ subreq = kcm_ccdb_delete_cc_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ uuid);
+ if (subreq == NULL) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_initialize_cc_delete_done, req);
+ return;
+ }
+
+ kcm_op_initialize_create_step(req);
+}
+
+static void kcm_op_initialize_cc_delete_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ errno_t ret;
+
+ ret = kcm_ccdb_delete_cc_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot delete ccache from the db %d: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ kcm_op_initialize_create_step(req);
+}
+
+static void kcm_op_initialize_create_step(struct tevent_req *req)
+{
+ struct tevent_req *subreq;
+ struct kcm_op_initialize_state *state = tevent_req_data(req,
+ struct kcm_op_initialize_state);
+ errno_t ret;
+
+ ret = kcm_cc_new(state->op_ctx,
+ state->op_ctx->kcm_data->k5c,
+ state->op_ctx->client,
+ state->name,
+ state->princ,
+ &state->new_cc);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot create new ccache %d: %s\n", ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = kcm_ccdb_create_cc_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ state->new_cc);
+ if (subreq == NULL) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_initialize_cc_create_done, req);
+}
+
+static void kcm_op_initialize_cc_create_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_initialize_state *state = tevent_req_data(req,
+ struct kcm_op_initialize_state);
+ errno_t ret;
+
+ ret = kcm_ccdb_create_cc_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot add ccache to db %d: %s\n", ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ /* If there was no previous default ccache, set this one as default */
+ subreq = kcm_ccdb_get_default_send(state, state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client);
+ if (subreq == NULL) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_initialize_got_default, req);
+}
+
+static void kcm_op_initialize_got_default(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_initialize_state *state = tevent_req_data(req,
+ struct kcm_op_initialize_state);
+ errno_t ret;
+ uuid_t dfl_uuid;
+ uuid_t old_dfl_uuid;
+
+ ret = kcm_ccdb_get_default_recv(subreq, &old_dfl_uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get default ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (uuid_is_null(old_dfl_uuid) == false) {
+ /* If there was a previous default ccache, switch to the initialized
+ * one by default
+ */
+ ret = kcm_cc_get_uuid(state->new_cc, dfl_uuid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get new ccache UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ return;
+ }
+
+ subreq = kcm_ccdb_set_default_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ dfl_uuid);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_initialize_set_default_done, req);
+ return;
+ }
+
+ /* ENOENT, done */
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+static void kcm_op_initialize_set_default_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_initialize_state *state = tevent_req_data(req,
+ struct kcm_op_initialize_state);
+ errno_t ret;
+
+ ret = kcm_ccdb_set_default_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot set default ccache %d: %s\n", ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+static errno_t kcm_op_initialize_recv(struct tevent_req *req,
+ uint32_t *_op_ret)
+{
+ KCM_OP_RET_FROM_TYPE(req, struct kcm_op_initialize_state, _op_ret);
+}
+
+/* (name) -> () */
+static void kcm_op_destroy_getbyname_done(struct tevent_req *subreq);
+static void kcm_op_destroy_delete_done(struct tevent_req *subreq);
+
+static struct tevent_req *kcm_op_destroy_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot unmarshall input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Destroying credentials of %s\n", name);
+
+ subreq = kcm_ccdb_uuid_by_name_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_destroy_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_destroy_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ uuid_t uuid;
+
+ ret = kcm_ccdb_uuid_by_name_recv(subreq, state, uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get matching ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = kcm_ccdb_delete_cc_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ uuid);
+ if (subreq == NULL) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_destroy_delete_done, req);
+}
+
+static void kcm_op_destroy_delete_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_delete_cc_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot delete ccache from the db [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name, cred) -> () */
+struct kcm_op_store_state {
+ uint32_t op_ret;
+ struct kcm_op_ctx *op_ctx;
+ struct tevent_context *ev;
+
+ struct sss_iobuf *cred_blob;
+};
+
+static void kcm_op_store_getbyname_done(struct tevent_req *subreq);
+static void kcm_op_store_done(struct tevent_req *subreq);
+
+static struct tevent_req *kcm_op_store_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_store_state *state = NULL;
+ errno_t ret;
+ const char *name;
+ size_t creds_len;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_store_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot unmarshall input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Storing credentials for %s\n", name);
+
+ creds_len = sss_iobuf_get_size(op_ctx->input) - strlen(name) -1;
+ if (creds_len > KCM_REPLY_MAX) {
+ /* Protects against underflows and in general adds sanity */
+ ret = E2BIG;
+ goto immediate;
+ }
+
+ state->cred_blob = sss_iobuf_init_empty(state,
+ creds_len,
+ creds_len);
+ if (state->cred_blob == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+
+ ret = sss_iobuf_read(op_ctx->input,
+ creds_len,
+ sss_iobuf_get_data(state->cred_blob),
+ NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot unmarshall input cred blob [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+
+ subreq = kcm_ccdb_uuid_by_name_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_store_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_store_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_store_state *state = tevent_req_data(req,
+ struct kcm_op_store_state);
+ uuid_t uuid;
+
+ ret = kcm_ccdb_uuid_by_name_recv(subreq, state, uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = kcm_ccdb_store_cred_blob_send(state, state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ uuid,
+ state->cred_blob);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_store_done, req);
+}
+
+static void kcm_op_store_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_store_state *state = tevent_req_data(req,
+ struct kcm_op_store_state);
+
+ ret = kcm_ccdb_store_cred_blob_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot store credentials [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+static errno_t kcm_op_store_recv(struct tevent_req *req,
+ uint32_t *_op_ret)
+{
+ KCM_OP_RET_FROM_TYPE(req, struct kcm_op_store_state, _op_ret);
+}
+
+/* (name) -> (princ) */
+static void kcm_op_get_principal_getbyname_done(struct tevent_req *subreq);
+
+static struct tevent_req *kcm_op_get_principal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Requested principal %s\n", name);
+
+ subreq = kcm_ccdb_getbyname_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_principal_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_principal_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct kcm_ccache *cc;
+ krb5_principal princ;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_getbyname_recv(subreq, state, &cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (cc == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No credentials by that name\n");
+ state->op_ret = ERR_NO_MATCHING_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ /* Marshall the principal to the reply */
+ princ = kcm_cc_get_client_principal(cc);
+ if (princ == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Credentials with no principal?\n");
+ tevent_req_error(req, EIO);
+ return;
+ }
+
+ ret = sss_krb5_marshal_princ(princ, state->op_ctx->reply);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot marshall principal [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name) -> (uuid, ...) */
+static void kcm_op_get_cred_uuid_getbyname_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_get_cred_uuid_list_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ goto immediate;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Returning UUID list for %s\n", name);
+
+ subreq = kcm_ccdb_getbyname_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_cred_uuid_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_cred_uuid_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct kcm_ccache *cc;
+ struct kcm_cred *crd;
+ uuid_t uuid;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_getbyname_recv(subreq, state, &cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (cc == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No credentials by that UUID\n");
+ state->op_ret = ERR_NO_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ for (crd = kcm_cc_get_cred(cc);
+ crd != NULL;
+ crd = kcm_cc_next_cred(crd)) {
+ ret = kcm_cred_get_uuid(crd, uuid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Credential has no UUID, skipping\n");
+ continue;
+ }
+
+ kcm_debug_uuid(uuid);
+
+ ret = sss_iobuf_write_len(state->op_ctx->reply,
+ uuid, UUID_BYTES);
+ if (ret != EOK) {
+ char uuid_errbuf[UUID_STR_SIZE];
+ uuid_parse(uuid_errbuf, uuid);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot marshall UUID %s [%d]: %s\n",
+ uuid_errbuf, ret, sss_strerror(ret));
+ continue;
+ }
+ }
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name, uuid) -> (cred) */
+static void kcm_op_get_cred_by_uuid_getbyname_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_get_cred_by_uuid_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Returning creds by UUID for %s\n", name);
+
+ subreq = kcm_ccdb_getbyname_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_cred_by_uuid_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_cred_by_uuid_getbyname_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ errno_t ret;
+ struct kcm_ccache *cc;
+ struct kcm_cred *crd;
+ uuid_t uuid_in;
+ uuid_t uuid;
+ struct sss_iobuf *cred_blob;
+
+ ret = kcm_ccdb_getbyname_recv(subreq, state, &cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (cc == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No credentials by that name\n");
+ state->op_ret = ERR_NO_MATCHING_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ ret = sss_iobuf_read_len(state->op_ctx->input,
+ UUID_BYTES, uuid_in);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot read input UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ for (crd = kcm_cc_get_cred(cc);
+ crd != NULL;
+ crd = kcm_cc_next_cred(crd)) {
+ ret = kcm_cred_get_uuid(crd, uuid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot get UUID from creds, skipping\n");
+ continue;
+ }
+
+ if (uuid_compare(uuid, uuid_in) == 0) {
+ break;
+ }
+ kcm_debug_uuid(uuid);
+ }
+
+ if (crd == NULL) {
+ state->op_ret = ERR_KCM_CC_END;
+ DEBUG(SSSDBG_MINOR_FAILURE, "No credentials by that UUID\n");
+ tevent_req_done(req);
+ return;
+ }
+
+ cred_blob = kcm_cred_get_creds(crd);
+ if (cred_blob == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Credentials lack the creds blob\n");
+ state->op_ret = ERR_NO_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ ret = sss_iobuf_write_len(state->op_ctx->reply,
+ sss_iobuf_get_data(cred_blob),
+ sss_iobuf_get_size(cred_blob));
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot write ccache blob [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name, flags, credtag) -> () */
+/* FIXME */
+static struct tevent_req *
+kcm_op_remove_cred_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct kcm_op_common_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ state->op_ret = ERR_KCM_OP_NOT_IMPLEMENTED;
+ tevent_req_post(req, ev);
+ tevent_req_done(req);
+ return req;
+}
+
+/* () -> (uuid, ...) */
+static void kcm_op_get_cache_uuid_list_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_get_cache_uuid_list_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Returning full UUID list\n");
+
+ subreq = kcm_ccdb_list_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_cache_uuid_list_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_cache_uuid_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ errno_t ret;
+ uuid_t *uuid_list;
+
+ ret = kcm_ccdb_list_recv(subreq, state, &uuid_list);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot list the ccache DB [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (uuid_list == NULL || uuid_list[0] == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Nothing to list\n");
+ state->op_ret = ERR_NO_MATCHING_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ for (int i = 0;
+ uuid_is_null(uuid_list[i]) == false;
+ i++) {
+ kcm_debug_uuid(uuid_list[i]);
+
+ ret = sss_iobuf_write_len(state->op_ctx->reply,
+ uuid_list[i],
+ UUID_BYTES);
+ if (ret != EOK) {
+ char uuid_errbuf[UUID_STR_SIZE];
+ uuid_parse(uuid_errbuf, uuid_list[i]);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot marshall UUID %s [%d]: %s\n",
+ uuid_errbuf, ret, sss_strerror(ret));
+ tevent_req_done(req);
+ return;
+ }
+ }
+
+ tevent_req_done(req);
+}
+
+/* (uuid) -> (name) */
+static void kcm_op_get_cache_by_uuid_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_get_cache_by_uuid_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ uuid_t uuid_in;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Retrieving cache by UUID\n");
+
+ ret = sss_iobuf_read_len(op_ctx->input,
+ UUID_BYTES, uuid_in);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot read input UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+ kcm_debug_uuid(uuid_in);
+
+ subreq = kcm_ccdb_getbyuuid_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ uuid_in);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_cache_by_uuid_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_cache_by_uuid_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct kcm_ccache *cc;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ const char *name;
+
+ ret = kcm_ccdb_getbyuuid_recv(subreq, state, &cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccahe by UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (cc == NULL) {
+ state->op_ret = ERR_KCM_CC_END;
+ tevent_req_done(req);
+ return;
+ }
+
+ name = kcm_cc_get_name(cc);
+ DEBUG(SSSDBG_TRACE_INTERNAL, "Found %s by UUID\n", name);
+
+ ret = sss_iobuf_write_stringz(state->op_ctx->reply,
+ name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot write output name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* () -> (name) */
+struct kcm_op_get_default_ccache_state {
+ uint32_t op_ret;
+ struct kcm_op_ctx *op_ctx;
+ struct tevent_context *ev;
+
+ const char *name;
+};
+
+static void kcm_op_get_get_default_done(struct tevent_req *subreq);
+static void kcm_op_get_default_ccache_byuuid_done(struct tevent_req *subreq);
+static void kcm_op_get_default_ccache_list_done(struct tevent_req *subreq);
+static errno_t
+kcm_op_get_default_ccache_reply_step(struct kcm_op_get_default_ccache_state *state);
+
+static struct tevent_req *
+kcm_op_get_default_ccache_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_get_default_ccache_state *state = NULL;
+ errno_t ret;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct kcm_op_get_default_ccache_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ DEBUG(SSSDBG_TRACE_LIBS, "Getting client's default ccache\n");
+
+ subreq = kcm_ccdb_get_default_send(state, ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_get_default_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_get_default_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
+ struct kcm_op_get_default_ccache_state *state = tevent_req_data(req,
+ struct kcm_op_get_default_ccache_state);
+ errno_t ret;
+ uuid_t dfl_uuid;
+
+ ret = kcm_ccdb_get_default_recv(subreq, &dfl_uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get default ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (uuid_is_null(dfl_uuid) == true) {
+ /* No cache marked as default -- get an existing ccache for ID
+ * and treat the default as simply the first one
+ */
+ subreq = kcm_ccdb_list_send(state, state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_default_ccache_list_done, req);
+ return;
+ }
+
+ /* Existing default */
+ subreq = kcm_ccdb_name_by_uuid_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ dfl_uuid);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_default_ccache_byuuid_done, req);
+ return;
+}
+
+static void kcm_op_get_default_ccache_byuuid_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
+ struct kcm_op_get_default_ccache_state *state = tevent_req_data(req,
+ struct kcm_op_get_default_ccache_state);
+ errno_t ret;
+
+ ret = kcm_ccdb_name_by_uuid_recv(subreq, state, &state->name);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccahe by UUID [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = kcm_op_get_default_ccache_reply_step(state);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static void kcm_op_get_default_ccache_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
+ struct kcm_op_get_default_ccache_state *state = tevent_req_data(req,
+ struct kcm_op_get_default_ccache_state);
+ errno_t ret;
+ uuid_t *uuid_list;
+
+ ret = kcm_ccdb_list_recv(subreq, state, &uuid_list);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot list ccaches [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (uuid_list == NULL || uuid_is_null(uuid_list[0])) {
+ /* No cache at all, just send back a reply */
+ ret = kcm_op_get_default_ccache_reply_step(state);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+ }
+
+ /* Otherwise resolve the first cache and use it as a default */
+ subreq = kcm_ccdb_name_by_uuid_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ uuid_list[0]);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_default_ccache_byuuid_done, req);
+ return;
+}
+
+static errno_t
+kcm_op_get_default_ccache_reply_step(struct kcm_op_get_default_ccache_state *state)
+{
+ errno_t ret;
+
+ if (state->name == NULL) {
+ state->name = talloc_asprintf(state,
+ "%"SPRIuid,
+ cli_creds_get_uid(state->op_ctx->client));
+ if (state->name == NULL) {
+ return ENOMEM;
+ }
+ }
+ DEBUG(SSSDBG_TRACE_INTERNAL, "The default ccache is %s\n", state->name);
+
+ ret = sss_iobuf_write_stringz(state->op_ctx->reply, state->name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot write output name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ return ret;
+ }
+
+ return EOK;
+}
+
+static errno_t kcm_op_get_default_ccache_recv(struct tevent_req *req,
+ uint32_t *_op_ret)
+{
+ KCM_OP_RET_FROM_TYPE(req, struct kcm_op_get_default_ccache_state, _op_ret);
+}
+
+/* (name) -> () */
+static void kcm_op_set_default_ccache_getbyname_done(struct tevent_req *subreq);
+static void kcm_op_set_default_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_set_default_ccache_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot read input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Setting default ccache %s\n", name);
+
+ subreq = kcm_ccdb_uuid_by_name_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_set_default_ccache_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_set_default_ccache_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+ uuid_t dfl_uuid;
+
+ ret = kcm_ccdb_uuid_by_name_recv(subreq, state, dfl_uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get ccache by name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = kcm_ccdb_set_default_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ dfl_uuid);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_set_default_done, req);
+ return;
+}
+
+static void kcm_op_set_default_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_set_default_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot set default ccache %d: %s\n", ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name) -> (offset) */
+static void kcm_op_get_kdc_offset_getbyname_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_get_kdc_offset_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_common_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_common_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot read input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Requested offset for principal %s\n", name);
+
+ subreq = kcm_ccdb_getbyname_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_get_kdc_offset_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_get_kdc_offset_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct kcm_ccache *cc;
+ int32_t offset;
+ int32_t offset_be;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_common_state *state = tevent_req_data(req,
+ struct kcm_op_common_state);
+
+ ret = kcm_ccdb_getbyname_recv(subreq, state, &cc);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get matching ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (cc == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "No matching credentials\n");
+ state->op_ret = ERR_NO_MATCHING_CREDS;
+ tevent_req_done(req);
+ return;
+ }
+
+ offset = kcm_cc_get_offset(cc);
+ DEBUG(SSSDBG_TRACE_LIBS, "KDC offset: %"PRIu32"\n", offset);
+
+ offset_be = htobe32(offset);
+ ret = sss_iobuf_write_int32(state->op_ctx->reply, offset_be);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot write KDC offset [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+/* (name, offset) -> () */
+/* () -> (name) */
+struct kcm_op_set_kdc_offset_state {
+ uint32_t op_ret;
+ struct kcm_op_ctx *op_ctx;
+ struct tevent_context *ev;
+};
+
+static void kcm_op_set_kdc_offset_getbyname_done(struct tevent_req *subreq);
+static void kcm_op_set_kdc_offset_mod_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+kcm_op_set_kdc_offset_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_op_ctx *op_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct kcm_op_set_kdc_offset_state *state = NULL;
+ errno_t ret;
+ const char *name;
+
+ req = tevent_req_create(mem_ctx, &state, struct kcm_op_set_kdc_offset_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->op_ctx = op_ctx;
+ state->ev = ev;
+
+ ret = sss_iobuf_read_stringz(op_ctx->input, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot read input name [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto immediate;
+ }
+ DEBUG(SSSDBG_TRACE_LIBS, "Setting offset for principal %s\n", name);
+
+ subreq = kcm_ccdb_uuid_by_name_send(state, ev,
+ op_ctx->kcm_data->db,
+ op_ctx->client,
+ name);
+ if (subreq == NULL) {
+ ret = ENOMEM;
+ goto immediate;
+ }
+ tevent_req_set_callback(subreq, kcm_op_set_kdc_offset_getbyname_done, req);
+ return req;
+
+immediate:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static void kcm_op_set_kdc_offset_getbyname_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct kcm_mod_ctx *mod_ctx;
+ int32_t offset_be;
+ uuid_t uuid;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_set_kdc_offset_state *state = tevent_req_data(req,
+ struct kcm_op_set_kdc_offset_state);
+
+ ret = kcm_ccdb_uuid_by_name_recv(subreq, state, uuid);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot get matching ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sss_iobuf_read_int32(state->op_ctx->input, &offset_be);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot read KDC offset [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ mod_ctx = talloc(state, struct kcm_mod_ctx);
+ if (mod_ctx == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ kcm_mod_ctx_clear(mod_ctx);
+ mod_ctx->kdc_offset = be32toh(offset_be);
+
+ subreq = kcm_ccdb_mod_cc_send(state,
+ state->ev,
+ state->op_ctx->kcm_data->db,
+ state->op_ctx->client,
+ uuid,
+ mod_ctx);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, kcm_op_set_kdc_offset_mod_done, req);
+}
+
+static void kcm_op_set_kdc_offset_mod_done(struct tevent_req *subreq)
+{
+ errno_t ret;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct kcm_op_set_kdc_offset_state *state = tevent_req_data(req,
+ struct kcm_op_set_kdc_offset_state);
+
+ ret = kcm_ccdb_mod_cc_recv(subreq);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot modify ccache [%d]: %s\n",
+ ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ state->op_ret = EOK;
+ tevent_req_done(req);
+}
+
+static errno_t kcm_op_set_kdc_offset_recv(struct tevent_req *req,
+ uint32_t *_op_ret)
+{
+ KCM_OP_RET_FROM_TYPE(req, struct kcm_op_set_kdc_offset_state, _op_ret);
+}
+
+static struct kcm_op kcm_optable[] = {
+ { "NOOP", NULL, NULL },
+ { "GET_NAME", NULL, NULL },
+ { "RESOLVE", NULL, NULL },
+ { "GEN_NEW", kcm_op_gen_new_send, NULL },
+ { "INITIALIZE", kcm_op_initialize_send, kcm_op_initialize_recv },
+ { "DESTROY", kcm_op_destroy_send, NULL },
+ { "STORE", kcm_op_store_send, kcm_op_store_recv },
+ { "RETRIEVE", NULL, NULL },
+ { "GET_PRINCIPAL", kcm_op_get_principal_send, NULL },
+ { "GET_CRED_UUID_LIST", kcm_op_get_cred_uuid_list_send, NULL },
+ { "GET_CRED_BY_UUID", kcm_op_get_cred_by_uuid_send, NULL },
+ { "REMOVE_CRED", kcm_op_remove_cred_send, NULL },
+ { "SET_FLAGS", NULL, NULL },
+ { "CHOWN", NULL, NULL },
+ { "CHMOD", NULL, NULL },
+ { "GET_INITIAL_TICKET", NULL, NULL },
+ { "GET_TICKET", NULL, NULL },
+ { "MOVE_CACHE", NULL, NULL },
+ { "GET_CACHE_UUID_LIST", kcm_op_get_cache_uuid_list_send, NULL },
+ { "GET_CACHE_BY_UUID", kcm_op_get_cache_by_uuid_send, NULL },
+ { "GET_DEFAULT_CACHE", kcm_op_get_default_ccache_send, kcm_op_get_default_ccache_recv },
+ { "SET_DEFAULT_CACHE", kcm_op_set_default_ccache_send, NULL },
+ { "GET_KDC_OFFSET", kcm_op_get_kdc_offset_send, NULL },
+ { "SET_KDC_OFFSET", kcm_op_set_kdc_offset_send, kcm_op_set_kdc_offset_recv },
+ { "ADD_NTLM_CRED", NULL, NULL },
+ { "HAVE_NTLM_CRED", NULL, NULL },
+ { "DEL_NTLM_CRED", NULL, NULL },
+ { "DO_NTLM_AUTH", NULL, NULL },
+ { "GET_NTLM_USER_LIST", NULL, NULL },
+
+ { NULL, NULL, NULL }
+};
+
+struct kcm_op *kcm_get_opt(uint16_t opcode)
+{
+ struct kcm_op *op;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "The client requested operation %"PRIu16"\n", opcode);
+
+ if (opcode >= KCM_OP_SENTINEL) {
+ return NULL;
+ }
+
+ op = &kcm_optable[opcode];
+ if (op->fn_recv == NULL) {
+ op->fn_recv = kcm_op_common_recv;
+ }
+ return op;
+}
+
+const char *kcm_opt_name(struct kcm_op *op)
+{
+ if (op == NULL || op->name == NULL) {
+ return "Unknown operation";
+ }
+
+ return op->name;
+}
diff --git a/src/responder/kcm/kcmsrv_ops.h b/src/responder/kcm/kcmsrv_ops.h
new file mode 100644
index 0000000000000000000000000000000000000000..8e6feaf56a10b73c8b6375aea9ef26c392b5b492
--- /dev/null
+++ b/src/responder/kcm/kcmsrv_ops.h
@@ -0,0 +1,45 @@
+/*
+ SSSD
+
+ KCM Server - private header file
+
+ Copyright (C) Red Hat, 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __KCMSRV_OPS_H__
+#define __KCMSRV_OPS_H__
+
+#include "config.h"
+
+#include <sys/types.h>
+#include "util/sss_iobuf.h"
+#include "responder/kcm/kcmsrv_pvt.h"
+
+struct kcm_op;
+struct kcm_op *kcm_get_opt(uint16_t opcode);
+const char *kcm_opt_name(struct kcm_op *op);
+
+struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct kcm_resp_ctx *kcm_data,
+ struct cli_creds *client,
+ struct kcm_data *input,
+ struct kcm_op *op);
+errno_t kcm_cmd_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *req,
+ struct sss_iobuf **_reply);
+
+#endif /* __KCMSRV_OPS_H__ */
--
2.9.3