ccs_ccache.c   [plain text]

/*
 * $Header$
 *
 * Copyright 2006, 2007 Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

#include "ccs_common.h"
#include "ccs_os_notify.h"

struct ccs_ccache_d {
    cci_identifier_t identifier;
    au_asid_t session_id;
    ccs_lock_state_t lock_state;
    cc_uint32 creds_version;
    char *name;
    char *v4_principal;
    char *v5_principal;
    cc_time_t last_default_time;
    cc_time_t last_changed_time;
    cc_uint32 kdc_time_offset_v4_valid;
    cc_time_t kdc_time_offset_v4;
    cc_uint32 kdc_time_offset_v5_valid;
    cc_time_t kdc_time_offset_v5;
    ccs_credentials_list_t credentials;
    ccs_callback_array_t change_callbacks;
};

struct ccs_ccache_d ccs_ccache_initializer = { NULL, 0, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, NULL, NULL };

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_new (ccs_ccache_t      *out_ccache,
			 au_asid_t	    in_session_id,
                         cc_uint32          in_creds_version,
                         const char        *in_name,
                         const char        *in_principal,
                         ccs_ccache_list_t  io_ccache_list)
{
    cc_int32 err = ccNoError;
    ccs_ccache_t ccache = NULL;
    
    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
    if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        ccache = malloc (sizeof (*ccache));
        if (ccache) { 
            *ccache = ccs_ccache_initializer;
        } else {
            err = cci_check_error (ccErrNoMem); 
        }
    }
    
    if (!err) {
	ccache->session_id = in_session_id;
	ccs_session_add(in_session_id);
    }

    if (!err) {
        err = ccs_server_new_identifier (&ccache->identifier);
    }
    
    if (!err) {
        err = ccs_lock_state_new (&ccache->lock_state,
                                  ccErrInvalidCCache,
                                  ccErrCCacheLocked,
                                  ccErrCCacheUnlocked);
    }
    
    if (!err) {
        ccache->name = strdup (in_name);
        if (!ccache->name) { err = cci_check_error (ccErrNoMem); }
    }
    
    if (!err) {
        ccache->creds_version = in_creds_version;

        if (ccache->creds_version == cc_credentials_v4) {
            ccache->v4_principal = strdup (in_principal);
            if (!ccache->v4_principal) { err = cci_check_error (ccErrNoMem); }
            
        } else if (ccache->creds_version == cc_credentials_v5) {
            ccache->v5_principal = strdup (in_principal);
            if (!ccache->v5_principal) { err = cci_check_error (ccErrNoMem); }

        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
    
    if (!err) {
        err = ccs_credentials_list_new (&ccache->credentials);
    }
    
    if (!err) {
        err = ccs_callback_array_new (&ccache->change_callbacks);
    }
    
    if (!err) {
        cc_uint64 now = time (NULL);
        cc_uint64 count = 0;
        
        err = ccs_ccache_list_count (io_ccache_list, &count);
        
        if (!err) {
            /* first cache is default */
            ccache->last_default_time = (count == 0) ? now : 0;
	    cci_debug_printf ("%s ccache->last_default_time is %d.", 
			     __FUNCTION__, ccache->last_default_time);
            ccache->last_changed_time = now;
        }
    }
        
    if (!err) {
        /* Add self to the list of ccaches */
        err = ccs_ccache_list_add (io_ccache_list, ccache);
    }
    
    if (!err) {
        *out_ccache = ccache;
        ccache = NULL;
    }
    
    ccs_ccache_release (ccache);
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
			   ccs_cache_collection_t  io_cache_collection,
                           cc_uint32               in_creds_version,
                           const char             *in_principal)
{
    cc_int32 err = ccNoError;
    char *v4_principal = NULL;
    char *v5_principal = NULL;
    ccs_credentials_list_t credentials = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_principal       ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        io_ccache->creds_version = in_creds_version;
        
        if (io_ccache->creds_version == cc_credentials_v4) {
            v4_principal = strdup (in_principal);
            if (!v4_principal) { err = cci_check_error (ccErrNoMem); }
            
        } else if (io_ccache->creds_version == cc_credentials_v5) {
            v5_principal = strdup (in_principal);
            if (!v5_principal) { err = cci_check_error (ccErrNoMem); }
            
        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
    
    if (!err) {
        err = ccs_credentials_list_new (&credentials);
    }
    
    if (!err) {
        io_ccache->kdc_time_offset_v4 = 0;
        io_ccache->kdc_time_offset_v4_valid = 0;
        io_ccache->kdc_time_offset_v5 = 0;
        io_ccache->kdc_time_offset_v5_valid = 0;
        
        if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
        io_ccache->v4_principal = v4_principal;
        v4_principal = NULL; /* take ownership */
        
        if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
        io_ccache->v5_principal = v5_principal;
        v5_principal = NULL; /* take ownership */

        ccs_credentials_list_release (io_ccache->credentials);
        io_ccache->credentials = credentials;
        credentials = NULL; /* take ownership */
        
	err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    free (v4_principal);
    free (v5_principal);
    ccs_credentials_list_release (credentials);
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache, 
                                   ccs_ccache_t           io_destination_ccache,
				   ccs_cache_collection_t io_cache_collection)
{
    cc_int32 err = ccNoError;
    
    if (!io_source_ccache     ) { err = cci_check_error (ccErrBadParam); }
    if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        struct ccs_ccache_d temp_ccache = *io_destination_ccache;
        
        /* swap everything */
        *io_destination_ccache = *io_source_ccache;
        *io_source_ccache = temp_ccache;
        
        /* swap back the name and identifier */
        io_source_ccache->identifier = io_destination_ccache->identifier;
        io_destination_ccache->identifier = temp_ccache.identifier;
        
        io_source_ccache->name = io_destination_ccache->name;
        io_destination_ccache->name = temp_ccache.name;
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_source_ccache, io_cache_collection);
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_destination_ccache, io_cache_collection);
    }
    
    return cci_check_error (err);
}

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache)
{
    cc_int32 err = ccNoError;
    
    if (!err && io_ccache) {
        cci_identifier_release (io_ccache->identifier);
        ccs_lock_state_release (io_ccache->lock_state);
        free (io_ccache->name);
        free (io_ccache->v4_principal);
        free (io_ccache->v5_principal);
        ccs_credentials_list_release (io_ccache->credentials);
        ccs_callback_array_release (io_ccache->change_callbacks);
        free (io_ccache);
    }
    
    return cci_check_error (err);    
}

#ifdef TARGET_OS_MAC
#pragma mark -
#endif

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_compare_identifier (ccs_ccache_t      in_ccache,
                                        cci_identifier_t  in_identifier,
                                        cc_uint32        *out_equal)
{
    cc_int32 err = ccNoError;
    
    if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
    if (!out_equal    ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = cci_identifier_compare (in_ccache->identifier, 
                                      in_identifier, 
                                      out_equal);
    }
    
    return cci_check_error (err);
}

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_compare_name (ccs_ccache_t  in_ccache,
                                  const char   *in_name,
                                  cc_uint32    *out_equal)
{
    cc_int32 err = ccNoError;
    
    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
    if (!in_name  ) { err = cci_check_error (ccErrBadParam); }
    if (!out_equal) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        *out_equal = (strcmp (in_ccache->name, in_name) == 0);
    }
    
    return cci_check_error (err);
}

#ifdef TARGET_OS_MAC
#pragma mark -
#endif

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
                             ccs_cache_collection_t io_cache_collection)
{
    cc_int32 err = ccNoError;
    k5_ipc_stream reply_data = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        cc_time_t now = time (NULL);
        
        if (io_ccache->last_changed_time < now) {
            io_ccache->last_changed_time = now;
        } else {
            io_ccache->last_changed_time++;
        }
    }
    
    if (!err) {
        err = ccs_cache_collection_changed (io_cache_collection);
    }
    
    if (!err) {
        err = k5_ipc_stream_new (&reply_data);
    }
    
    if (!err) {
	err = k5_ipc_stream_write_time (reply_data, io_ccache->last_changed_time);
    }

    if (!err) {
	/* Loop over callbacks sending messages to them */
	cc_uint64 i;
        cc_uint64 count = ccs_callback_array_count (io_ccache->change_callbacks);
        
        for (i = 0; !err && i < count; i++) {
            ccs_callback_t callback = ccs_callback_array_object_at_index (io_ccache->change_callbacks, i);
            
	    err = ccs_callback_reply_to_client (callback, reply_data);
	    
	    if (!err) {
		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
		err = ccs_callback_array_remove (io_ccache->change_callbacks, i);
		break;
	    }
        }
    }
    
    if (!err) {
        err = ccs_os_notify_ccache_changed (io_cache_collection, 
                                            io_ccache->name);
    }
    
    k5_ipc_stream_release (reply_data);
    
    return cci_check_error (err);
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_invalidate_change_callback (ccs_callback_owner_t io_ccache,
						       ccs_callback_t       in_callback)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache  ) { err = cci_check_error (ccErrBadParam); }
    if (!in_callback) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
	/* Remove callback */
	ccs_ccache_t ccache = (ccs_ccache_t) io_ccache;
	cc_uint64 i;
        cc_uint64 count = ccs_callback_array_count (ccache->change_callbacks);
        
        for (i = 0; !err && i < count; i++) {
            ccs_callback_t callback = ccs_callback_array_object_at_index (ccache->change_callbacks, i);
            
	    if (callback == in_callback) {
		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
		err = ccs_callback_array_remove (ccache->change_callbacks, i);
		break;
	    }
        }
    }
    
    return cci_check_error (err);
}

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_notify_default_state_changed (ccs_ccache_t           io_ccache,
                                                  ccs_cache_collection_t io_cache_collection,
                                                  cc_uint32              in_new_default_state)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    
    if (!err && in_new_default_state) {
        cc_time_t now = time (NULL);
        
        if (io_ccache->last_default_time < now) {
            io_ccache->last_default_time = now;
        } else {
            io_ccache->last_default_time++;
        }
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    return cci_check_error (err);
}

#ifdef TARGET_OS_MAC
#pragma mark -
#endif

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_find_credentials_iterator (ccs_ccache_t                in_ccache,
                                               cci_identifier_t            in_identifier,
                                               ccs_credentials_iterator_t *out_credentials_iterator)
{
    cc_int32 err = ccNoError;
    
    if (!in_ccache               ) { err = cci_check_error (ccErrBadParam); }
    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_credentials_list_find_iterator (in_ccache->credentials,
                                                  in_identifier,
                                                  out_credentials_iterator);
    }
    
    // Don't report ccErrInvalidCredentials to the log file.  Non-fatal.
    return (err == ccErrInvalidCredentials) ? err : cci_check_error (err);
}

#ifdef TARGET_OS_MAC
#pragma mark -
#endif

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_write (ccs_ccache_t in_ccache,
                           k5_ipc_stream io_stream)
{
    cc_int32 err = ccNoError;
    
    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = cci_identifier_write (in_ccache->identifier, io_stream);
    }
    
    return cci_check_error (err);    
}


/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_write_name (ccs_ccache_t in_ccache,
                                k5_ipc_stream io_stream)
{
    cc_int32 err = ccNoError;
    
    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_write_string (io_stream, in_ccache->name);
    }
    
    return cci_check_error (err);    
}

#ifdef TARGET_OS_MAC
#pragma mark -
#pragma mark -- IPC Messages --
#endif

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_destroy (ccs_ccache_t           io_ccache,
                                    ccs_cache_collection_t io_cache_collection,
                                    k5_ipc_stream           in_request_data,
                                    k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_cache_collection_destroy_ccache (io_cache_collection, 
                                                   io_ccache->identifier);
    }
    
    if (!err) {
        /* ccache has been destroyed so just mark the cache collection */
        err = ccs_cache_collection_changed (io_cache_collection);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_set_default (ccs_ccache_t           io_ccache,
                                        ccs_cache_collection_t io_cache_collection,
                                        k5_ipc_stream           in_request_data,
                                        k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_cache_collection_set_default_ccache (io_cache_collection, 
                                                       io_ccache->identifier);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_credentials_version (ccs_ccache_t           io_ccache,
                                                    ccs_cache_collection_t io_cache_collection,
                                                    k5_ipc_stream           in_request_data,
                                                    k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_write_uint32 (io_reply_data, io_ccache->creds_version);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_name (ccs_ccache_t           io_ccache,
                                     ccs_cache_collection_t io_cache_collection,
                                     k5_ipc_stream           in_request_data,
                                     k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_write_string (io_reply_data, io_ccache->name);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_principal (ccs_ccache_t           io_ccache,
                                          ccs_cache_collection_t io_cache_collection,
                                          k5_ipc_stream           in_request_data,
                                          k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 version = 0;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &version);
    }
    
    if (!err && version == cc_credentials_v4_v5) {
        err = cci_check_error (ccErrBadCredentialsVersion);
    }
    
    if (!err) {
        if (version == cc_credentials_v4) {
            err = k5_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal);
            
        } else if (version == cc_credentials_v5) {
            err = k5_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal);
            
        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_set_principal (ccs_ccache_t           io_ccache,
                                          ccs_cache_collection_t io_cache_collection,
                                          k5_ipc_stream           in_request_data,
                                          k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 version = 0;
    char *principal = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &version);
    }
    
    if (!err) {
        err = k5_ipc_stream_read_string (in_request_data, &principal);
    }
    
    if (!err) {
        /* reset KDC time offsets because they are per-KDC */
        if (version == cc_credentials_v4) {
            io_ccache->kdc_time_offset_v4 = 0;
            io_ccache->kdc_time_offset_v4_valid = 0;
            
            if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
            io_ccache->v4_principal = principal;
            principal = NULL; /* take ownership */
            
            
        } else if (version == cc_credentials_v5) {
            io_ccache->kdc_time_offset_v5 = 0;
            io_ccache->kdc_time_offset_v5_valid = 0;
            
            if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
            io_ccache->v5_principal = principal;
            principal = NULL; /* take ownership */

        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
    
    if (!err) {
        io_ccache->creds_version |= version;
        
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    k5_ipc_stream_free_string (principal);
        
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_store_credentials (ccs_ccache_t           io_ccache,
                                              ccs_cache_collection_t io_cache_collection,
                                              k5_ipc_stream           in_request_data,
                                              k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    ccs_credentials_t credentials = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_credentials_new (&credentials, in_request_data, 
                                   io_ccache->creds_version, 
                                   io_ccache->credentials);
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_remove_credentials (ccs_ccache_t           io_ccache,
                                               ccs_cache_collection_t io_cache_collection,
                                               k5_ipc_stream           in_request_data,
                                               k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cci_identifier_t credentials_identifier = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = cci_identifier_read (&credentials_identifier, in_request_data);
    }
    
    if (!err) {
        err = ccs_credentials_list_remove (io_ccache->credentials, credentials_identifier);
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    cci_identifier_release (credentials_identifier);
        
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_new_credentials_iterator (ccs_ccache_t           io_ccache,
                                                     ccs_cache_collection_t io_cache_collection,
                                                     ccs_pipe_t             in_client_pipe,
                                                     k5_ipc_stream           in_request_data,
                                                     k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    ccs_credentials_iterator_t credentials_iterator = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_credentials_list_new_iterator (io_ccache->credentials,
                                                 in_client_pipe,
                                                 &credentials_iterator);
    }
    
    if (!err) {
        err = ccs_credentials_list_iterator_write (credentials_iterator, io_reply_data);
    }
        
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_move (ccs_ccache_t           io_ccache,
                                 ccs_cache_collection_t io_cache_collection,
                                 k5_ipc_stream           in_request_data,
                                 k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cci_identifier_t source_identifier = NULL;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        /* Note: message is sent as the destination ccache to avoid     */
        /* extra work on the server when deleting it the source ccache. */
        err = cci_identifier_read (&source_identifier, in_request_data);
    }
    
    if (!err) {
        err = ccs_ccache_collection_move_ccache (io_cache_collection,
                                                 source_identifier, 
                                                 io_ccache);
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    cci_identifier_release (source_identifier);
        
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_lock (ccs_pipe_t             in_client_pipe,
                                 ccs_pipe_t             in_reply_pipe,
                                 ccs_ccache_t           io_ccache,
                                 ccs_cache_collection_t io_cache_collection,
                                 k5_ipc_stream           in_request_data,
                                 cc_uint32              *out_will_block,
                                 k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 lock_type;
    cc_uint32 block;
    
    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &lock_type);
    }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &block);
    }
    
    if (!err) {
        err = ccs_lock_state_add (io_ccache->lock_state, 
                                  in_client_pipe, in_reply_pipe, 
                                  lock_type, block, out_will_block);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_unlock (ccs_pipe_t             in_client_pipe,
                                   ccs_ccache_t           io_ccache,
                                   ccs_cache_collection_t io_cache_collection,
                                   k5_ipc_stream           in_request_data,
                                   k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = ccs_lock_state_remove (io_ccache->lock_state, in_client_pipe);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_last_default_time (ccs_ccache_t           io_ccache,
                                                  ccs_cache_collection_t io_cache_collection,
                                                  k5_ipc_stream           in_request_data,
                                                  k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err && io_ccache->last_default_time == 0) {
        err = cci_check_error (ccErrNeverDefault);
    }
    
    if (!err) {
        err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_default_time);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_change_time (ccs_ccache_t           io_ccache,
                                            ccs_cache_collection_t io_cache_collection,
                                            k5_ipc_stream           in_request_data,
                                            k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_wait_for_change (ccs_pipe_t              in_client_pipe,
					    ccs_pipe_t              in_reply_pipe,
					    ccs_ccache_t            io_ccache,
					    ccs_cache_collection_t  io_cache_collection,
					    k5_ipc_stream            in_request_data,
					    k5_ipc_stream            io_reply_data,
					    cc_uint32              *out_will_block)
{
    cc_int32 err = ccNoError;
    cc_time_t last_wait_for_change_time = 0;
    cc_uint32 will_block = 0;
    
    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
    if (!ccs_pipe_valid (in_reply_pipe )) { err = cci_check_error (ccErrBadParam); }
    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_time (in_request_data, &last_wait_for_change_time);
    }
    
    if (!err) {
	if (last_wait_for_change_time < io_ccache->last_changed_time) {
	    cci_debug_printf ("%s returning immediately", __FUNCTION__);
	    err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
	    
	} else {
	    ccs_callback_t callback = NULL;

	    err = ccs_callback_new (&callback, 
				    ccErrInvalidCCache, 
				    in_client_pipe, 
				    in_reply_pipe,
				    (ccs_callback_owner_t) io_ccache,
				    ccs_ccache_invalidate_change_callback);
	
	    if (!err) {
		err = ccs_callback_array_insert (io_ccache->change_callbacks, callback,
						 ccs_callback_array_count (io_ccache->change_callbacks));
		if (!err) { callback = NULL; /* take ownership */ }
		
		cci_debug_printf ("%s blocking", __FUNCTION__);
		will_block = 1;
	    }
	    
	    ccs_callback_release (callback);
	}
    }
	
    if (!err) {
	*out_will_block = will_block;
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_get_kdc_time_offset (ccs_ccache_t           io_ccache,
                                                ccs_cache_collection_t io_cache_collection,
                                                k5_ipc_stream           in_request_data,
                                                k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 cred_vers = 0;
        
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers);
    }
    
    if (!err) {
        if (cred_vers == cc_credentials_v4) {
            if (io_ccache->kdc_time_offset_v4_valid) {
                err = k5_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v4);
            } else {
                err = cci_check_error (ccErrTimeOffsetNotSet);
            }
            
        } else if (cred_vers == cc_credentials_v5) {
            if (io_ccache->kdc_time_offset_v5_valid) {
                err = k5_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5);
            } else {
                err = cci_check_error (ccErrTimeOffsetNotSet);
            }
            
        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
        
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_set_kdc_time_offset (ccs_ccache_t           io_ccache,
                                                ccs_cache_collection_t io_cache_collection,
                                                k5_ipc_stream           in_request_data,
                                                k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 cred_vers = 0;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers);
    }
    
    if (!err) {
        if (cred_vers == cc_credentials_v4) {
            err = k5_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4);
            
            if (!err) {
                io_ccache->kdc_time_offset_v4_valid = 1;
            }
        } else if (cred_vers == cc_credentials_v5) {
            err = k5_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5);
            
            if (!err) {
                io_ccache->kdc_time_offset_v5_valid = 1;
            }
        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
    
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    return cci_check_error (err);    
}

/* ------------------------------------------------------------------------ */

static cc_int32 ccs_ccache_clear_kdc_time_offset (ccs_ccache_t           io_ccache,
                                                  ccs_cache_collection_t io_cache_collection,
                                                  k5_ipc_stream           in_request_data,
                                                  k5_ipc_stream           io_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 cred_vers = 0;
    
    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers);
    }
    
    if (!err) {
        if (cred_vers == cc_credentials_v4) {
            io_ccache->kdc_time_offset_v4 = 0;
            io_ccache->kdc_time_offset_v4_valid = 0;
            
        } else if (cred_vers == cc_credentials_v5) {
            io_ccache->kdc_time_offset_v5 = 0;
            io_ccache->kdc_time_offset_v5_valid = 0;
            
        } else {
            err = cci_check_error (ccErrBadCredentialsVersion);
        }
    }
        
    if (!err) {
        err = ccs_ccache_changed (io_ccache, io_cache_collection);
    }
    
    return cci_check_error (err);    
}

#ifdef TARGET_OS_MAC
#pragma mark -
#endif

/* ------------------------------------------------------------------------ */

cc_int32 ccs_ccache_handle_message (ccs_pipe_t              in_client_pipe,
                                    ccs_pipe_t              in_reply_pipe,
                                    ccs_ccache_t            io_ccache,
                                    ccs_cache_collection_t  io_cache_collection,
                                    enum cci_msg_id_t       in_request_name,
                                    k5_ipc_stream            in_request_data,
                                    cc_uint32              *out_will_block,
                                    k5_ipc_stream           *out_reply_data)
{
    cc_int32 err = ccNoError;
    cc_uint32 will_block = 0;
    k5_ipc_stream reply_data = NULL;
    
    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
    if (!out_reply_data                 ) { err = cci_check_error (ccErrBadParam); }
    
    if (!err) {
        err = k5_ipc_stream_new (&reply_data);
    }
    
    if (!err) {
        if (in_request_name == cci_ccache_destroy_msg_id) {
            err = ccs_ccache_destroy (io_ccache, io_cache_collection,
                                      in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_set_default_msg_id) {
            err = ccs_ccache_set_default (io_ccache, io_cache_collection,
                                          in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_get_credentials_version_msg_id) {
            err = ccs_ccache_get_credentials_version (io_ccache, io_cache_collection,
                                                      in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_get_name_msg_id) {
            err = ccs_ccache_get_name (io_ccache, io_cache_collection,
                                       in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_get_principal_msg_id) {
            err = ccs_ccache_get_principal (io_ccache, io_cache_collection,
                                            in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_set_principal_msg_id) {
            err = ccs_ccache_set_principal (io_ccache, io_cache_collection,
                                            in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_store_credentials_msg_id) {
            err = ccs_ccache_store_credentials (io_ccache, io_cache_collection,
                                                in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_remove_credentials_msg_id) {
            err = ccs_ccache_remove_credentials (io_ccache, io_cache_collection,
                                                 in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_new_credentials_iterator_msg_id) {
            err = ccs_ccache_new_credentials_iterator (io_ccache, 
                                                       io_cache_collection,
                                                       in_client_pipe,
                                                       in_request_data, 
                                                       reply_data);
            
        } else if (in_request_name == cci_ccache_move_msg_id) {
            err = ccs_ccache_move (io_ccache, io_cache_collection,
                                   in_request_data, reply_data);
                                       
        } else if (in_request_name == cci_ccache_lock_msg_id) {
            err = ccs_ccache_lock (in_client_pipe, in_reply_pipe, 
                                   io_ccache, io_cache_collection,
                                   in_request_data, 
                                   &will_block, reply_data);
            
        } else if (in_request_name == cci_ccache_unlock_msg_id) {
            err = ccs_ccache_unlock (in_client_pipe, 
                                     io_ccache, io_cache_collection,
                                     in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_get_last_default_time_msg_id) {
            err = ccs_ccache_get_last_default_time (io_ccache, io_cache_collection,
                                                    in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_get_change_time_msg_id) {
            err = ccs_ccache_get_change_time (io_ccache, io_cache_collection,
                                              in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_wait_for_change_msg_id) {
            err = ccs_ccache_wait_for_change (in_client_pipe, in_reply_pipe, 
					      io_ccache, io_cache_collection,
					      in_request_data, reply_data,
					      &will_block);
            
        } else if (in_request_name == cci_ccache_get_kdc_time_offset_msg_id) {
            err = ccs_ccache_get_kdc_time_offset (io_ccache, io_cache_collection,
                                                  in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_set_kdc_time_offset_msg_id) {
            err = ccs_ccache_set_kdc_time_offset (io_ccache, io_cache_collection,
                                                  in_request_data, reply_data);
            
        } else if (in_request_name == cci_ccache_clear_kdc_time_offset_msg_id) {
            err = ccs_ccache_clear_kdc_time_offset (io_ccache, io_cache_collection,
                                                    in_request_data, reply_data);
            
        } else {
            err = ccErrBadInternalMessage;
        }
    }
    
    if (!err) {
        *out_will_block = will_block;
        if (!will_block) {
            *out_reply_data = reply_data;
            reply_data = NULL; /* take ownership */
        } else {
            *out_reply_data = NULL;
        }
    }
    
    k5_ipc_stream_release (reply_data);
    
    return cci_check_error (err);
}

cc_int32
css_ccache_valid(ccs_ccache_t ccache, cc_time_t now, int *valid)
{
    ccs_credentials_iterator_t credentials_iterator = NULL;
    cc_int32 err = ccNoError;

    err = ccs_credentials_list_new_iterator (ccache->credentials,
					     CCS_PIPE_NULL,
					     &credentials_iterator);

    while (!err && *valid == 0) {
	ccs_credentials_t credentials = NULL;

	err = ccs_credentials_list_iterator_next (credentials_iterator,
						  &credentials);
	if (!err)
	    err = ccs_credentials_valid(credentials, now, valid);
    }
    if (err == ccIteratorEnd) { err = ccNoError; }

    if (credentials_iterator)
	ccs_credentials_list_iterator_release (credentials_iterator);
    
    return err;
}


cc_int32
ccs_ccache_kill_session(ccs_ccache_t ccache, 
			ccs_cache_collection_t io_cache_collection,
			au_asid_t session_id)
{
    if (ccache->session_id == session_id)
	ccs_cache_collection_destroy_ccache(io_cache_collection,
					    ccache->identifier);
}