/*
 * Append the flags of the ticket held by an established context to
 * data_set as a single 4-byte member.
 *
 * minor_status   - receives EINVAL when the context holds no ticket;
 *                  otherwise it is set by gss_add_buffer_set_member.
 * context_handle - context whose ticket is inspected; dereferenced
 *                  without a NULL check, so the caller must pass a
 *                  valid handle.
 * data_set       - buffer set that receives the encoded flags.
 *
 * Returns GSS_S_BAD_MECH when there is no ticket, otherwise whatever
 * gss_add_buffer_set_member returns.
 */
static OM_uint32
inquire_sec_context_tkt_flags(OM_uint32 *minor_status,
                              const gsskrb5_ctx context_handle,
                              gss_buffer_set_t *data_set)
{
    gss_buffer_desc member;
    unsigned char encoded[4];
    OM_uint32 flags = 0;
    int have_ticket;

    /* The ticket pointer is only read while the context mutex is held. */
    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
    have_ticket = (context_handle->ticket != NULL);
    if (have_ticket)
        flags = TicketFlags2int(context_handle->ticket->ticket.flags);
    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);

    if (!have_ticket) {
        _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags");
        *minor_status = EINVAL;
        return GSS_S_BAD_MECH;
    }

    _gsskrb5_encode_om_uint32(flags, encoded);

    /*
     * NOTE(review): member.value points at a stack buffer, so this relies
     * on gss_add_buffer_set_member copying the bytes -- confirm.
     */
    member.value = encoded;
    member.length = sizeof(encoded);

    return gss_add_buffer_set_member(minor_status, &member, data_set);
}
/*
 * Write a credential to storage in a fixed field order: client principal,
 * server principal, session keyblock, times, an is_skey byte, the ticket
 * flags (passed through bitswap32), addresses, authdata, ticket and second
 * ticket.
 *
 * The stream includes the session keyblock, so whatever backs sp ends up
 * holding key material and should be protected accordingly.
 *
 * sp    - storage to write to.
 * creds - credential to serialise; dereferenced without a NULL check.
 *
 * Returns 0 on success, or the first non-zero code returned by one of
 * the krb5_store_* calls; nothing further is written after a failure.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
{
    int ret;

    if ((ret = krb5_store_principal(sp, creds->client)) != 0)
        return ret;
    if ((ret = krb5_store_principal(sp, creds->server)) != 0)
        return ret;
    if ((ret = krb5_store_keyblock(sp, creds->session)) != 0)
        return ret;
    if ((ret = krb5_store_times(sp, creds->times)) != 0)
        return ret;

    /* is_skey: 1 when a second ticket is present, 0 otherwise */
    if ((ret = krb5_store_int8(sp, creds->second_ticket.length != 0)) != 0)
        return ret;

    if ((ret = krb5_store_int32(sp,
                                bitswap32(TicketFlags2int(creds->flags.b)))) != 0)
        return ret;
    if ((ret = krb5_store_addrs(sp, creds->addresses)) != 0)
        return ret;
    if ((ret = krb5_store_authdata(sp, creds->authdata)) != 0)
        return ret;
    if ((ret = krb5_store_data(sp, creds->ticket)) != 0)
        return ret;

    return krb5_store_data(sp, creds->second_ticket);
}
/*
 * Parse a textual list of ticket flags into *ret_flags.
 *
 * context   - Kerberos context, used only for error reporting.
 * string    - flag names, parsed against asn1_TicketFlags_units().
 * ret_flags - receives the parsed value in its integer member.
 *
 * A parse result of -1 is reported through krb5_errx with exit status 1
 * (presumably krb5_errx does not return -- confirm).
 *
 * The value is stored as parsed when parse_flags and TicketFlags2int
 * agree on the value of the "proxy" flag; otherwise it is stored after
 * bitswap32.
 */
static void
parse_ticket_flags(krb5_context context,
                   const char *string, krb5_ticket_flags *ret_flags)
{
    TicketFlags probe;
    int parsed;
    int same_order;

    parsed = parse_flags(string, asn1_TicketFlags_units(), 0);
    if (parsed == -1)
        krb5_errx(context, 1, "bad flags specified: \"%s\"", string);

    /* Build a reference value with only the proxy flag set. */
    memset(&probe, 0, sizeof(probe));
    probe.proxy = 1;
    same_order = (parse_flags("proxy", asn1_TicketFlags_units(), 0)
                  == TicketFlags2int(probe));

    if (!same_order)
        ret_flags->i = bitswap32(parsed);
    else
        ret_flags->i = parsed;
}
/*
 * Fetch the flags of the ticket attached to a context.
 *
 * minor_status - set to EINVAL on failure and 0 on success.
 * ctx          - context to inspect; NULL is rejected.
 * tkt_flags    - receives the flags on success; not written on failure
 *                and not checked for NULL.
 *
 * Returns GSS_S_NO_CONTEXT when ctx is NULL, GSS_S_BAD_MECH when the
 * context has no ticket, and GSS_S_COMPLETE otherwise.
 */
OM_uint32
_gsskrb5_get_tkt_flags(OM_uint32 *minor_status,
                       gsskrb5_ctx ctx,
                       OM_uint32 *tkt_flags)
{
    OM_uint32 major = GSS_S_BAD_MECH;
    OM_uint32 minor = EINVAL;

    if (ctx == NULL) {
        *minor_status = EINVAL;
        return GSS_S_NO_CONTEXT;
    }

    /* The ticket is read only while the context mutex is held. */
    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
    if (ctx->ticket != NULL) {
        *tkt_flags = TicketFlags2int(ctx->ticket->ticket.flags);
        major = GSS_S_COMPLETE;
        minor = 0;
    }
    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);

    *minor_status = minor;
    return major;
}
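/*
 * Write a credential to storage in tagged form: a 32-bit header of SC_*
 * presence bits followed by the fields that are present.
 *
 * Field order after the header: client, server, session keyblock (each
 * only when present), times, an is_skey byte, ticket flags (passed
 * through bitswap32), then addresses, authdata, ticket and second
 * ticket (each only when present).
 *
 * Every optional field is written if and only if its header bit is set.
 * Previously the second ticket was announced when its length was
 * non-zero but written when its data pointer was non-NULL, so a
 * zero-length buffer with a non-NULL pointer, or a non-zero length with
 * a NULL pointer, produced a record whose body did not match its header.
 * A second ticket now counts as present only when it has both a
 * non-zero length and a data pointer.
 *
 * The stream may include the session keyblock, so whatever backs sp
 * should be treated as holding key material.
 *
 * sp    - storage to write to.
 * creds - credential to serialise; dereferenced without a NULL check.
 *
 * Returns 0 on success, or the first non-zero code returned by one of
 * the krb5_store_* calls; nothing further is written after a failure.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds)
{
    int ret;
    int32_t header = 0;

    if (creds->client)
        header |= SC_CLIENT_PRINCIPAL;
    if (creds->server)
        header |= SC_SERVER_PRINCIPAL;
    if (creds->session.keytype != ETYPE_NULL)
        header |= SC_SESSION_KEY;
    if (creds->ticket.data)
        header |= SC_TICKET;
    /* One predicate decides both the header bit and the write below. */
    if (creds->second_ticket.length != 0 && creds->second_ticket.data != NULL)
        header |= SC_SECOND_TICKET;
    if (creds->authdata.len)
        header |= SC_AUTHDATA;
    if (creds->addresses.len)
        header |= SC_ADDRESSES;

    ret = krb5_store_int32(sp, header);
    if (ret)
        return ret;

    /* From here on the header bits alone decide what is written. */
    if (header & SC_CLIENT_PRINCIPAL) {
        ret = krb5_store_principal(sp, creds->client);
        if (ret)
            return ret;
    }

    if (header & SC_SERVER_PRINCIPAL) {
        ret = krb5_store_principal(sp, creds->server);
        if (ret)
            return ret;
    }

    if (header & SC_SESSION_KEY) {
        ret = krb5_store_keyblock(sp, creds->session);
        if (ret)
            return ret;
    }

    ret = krb5_store_times(sp, creds->times);
    if (ret)
        return ret;

    ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */
    if (ret)
        return ret;

    ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b)));
    if (ret)
        return ret;

    if (header & SC_ADDRESSES) {
        ret = krb5_store_addrs(sp, creds->addresses);
        if (ret)
            return ret;
    }

    if (header & SC_AUTHDATA) {
        ret = krb5_store_authdata(sp, creds->authdata);
        if (ret)
            return ret;
    }

    if (header & SC_TICKET) {
        ret = krb5_store_data(sp, creds->ticket);
        if (ret)
            return ret;
    }

    if (header & SC_SECOND_TICKET) {
        ret = krb5_store_data(sp, creds->second_ticket);
        if (ret)
            return ret;
    }

    return ret;
}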
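/*
 * Print one credential in long form to stdout: server and client names,
 * ticket enctype and kvno, session key enctype (when it differs from the
 * ticket's), ticket length, times, ticket flags and addresses.
 *
 * context - Kerberos context used for name/enctype conversion and
 *           warnings.
 * cred    - credential to print; dereferenced without a NULL check.
 *
 * Exits with status 1 if either principal name cannot be unparsed.
 *
 * The ticket bytes come from the credential being listed and may be
 * malformed. The result of decode_Ticket is checked: on failure a
 * warning is issued and the lines derived from the decoded ticket
 * (ticket etype, kvno, session key comparison) are skipped, instead of
 * reading and freeing a Ticket that was never filled in.
 */
static void
print_cred_verbose(krb5_context context, krb5_creds *cred)
{
    int j;
    char *str;
    krb5_error_code ret;
    krb5_timestamp sec;

    krb5_timeofday (context, &sec);

    ret = krb5_unparse_name(context, cred->server, &str);
    if(ret)
        exit(1);
    printf(N_("Server: %s\n", ""), str);
    free (str);

    ret = krb5_unparse_name(context, cred->client, &str);
    if(ret)
        exit(1);
    printf(N_("Client: %s\n", ""), str);
    free (str);

    {
        Ticket t;
        size_t len;
        char *s;

        ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
        if (ret) {
            /* t is not valid here: do not read or free it. */
            krb5_warn(context, ret, "decode_Ticket");
        } else {
            ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
            printf(N_("Ticket etype: ", ""));
            if (ret == 0) {
                printf("%s", s);
                free(s);
            } else {
                printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype);
            }
            if(t.enc_part.kvno)
                printf(N_(", kvno %d", ""), *t.enc_part.kvno);
            printf("\n");

            /* Only mention the session key when its enctype differs. */
            if(cred->session.keytype != t.enc_part.etype) {
                ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
                if(ret)
                    krb5_warn(context, ret, "session keytype");
                else {
                    printf(N_("Session key: %s\n", "enctype"), str);
                    free(str);
                }
            }
            free_Ticket(&t);
        }
        printf(N_("Ticket length: %lu\n", ""),
               (unsigned long)cred->ticket.length);
    }

    printf(N_("Auth time: %s\n", ""),
           printable_time_long(cred->times.authtime));
    if(cred->times.authtime != cred->times.starttime)
        printf(N_("Start time: %s\n", ""),
               printable_time_long(cred->times.starttime));
    printf(N_("End time: %s", ""),
           printable_time_long(cred->times.endtime));
    if(sec > cred->times.endtime)
        printf(N_(" (expired)", ""));
    printf("\n");
    if(cred->flags.b.renewable)
        printf(N_("Renew till: %s\n", ""),
               printable_time_long(cred->times.renew_till));

    {
        char flags[1024];

        unparse_flags(TicketFlags2int(cred->flags.b),
                      asn1_TicketFlags_units(),
                      flags, sizeof(flags));
        printf(N_("Ticket flags: %s\n", ""), flags);
    }

    printf(N_("Addresses: ", ""));
    if (cred->addresses.len != 0) {
        for(j = 0; j < cred->addresses.len; j++){
            char buf[128];
            size_t len;

            if(j)
                printf(", ");
            ret = krb5_print_address(&cred->addresses.val[j],
                                     buf, sizeof(buf), &len);
            /* An address that cannot be formatted is silently skipped. */
            if(ret == 0)
                printf("%s", buf);
        }
    } else {
        printf(N_("addressless", ""));
    }
    printf("\n\n");
}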
/**
 * Return the flags carried by a Kerberos ticket as an integer.
 *
 * @param context Kerberos context (not used by this function)
 * @param ticket Kerberos ticket; dereferenced without a NULL check
 *
 * @return the ticket flags as converted by TicketFlags2int
 *
 * @ingroup krb5_ticket
 */
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_ticket_get_flags(krb5_context context,
                      const krb5_ticket *ticket)
{
    unsigned long flags = TicketFlags2int(ticket->ticket.flags);

    return flags;
}
/*
 * Return the ticket flags stored in a credential as an integer.
 *
 * creds - credential to read; dereferenced without a NULL check.
 *
 * Returns creds->flags.b as converted by TicketFlags2int.
 */
unsigned long
krb5_creds_get_ticket_flags(krb5_creds *creds)
{
    unsigned long flags = TicketFlags2int(creds->flags.b);

    return flags;
}
/*
 * Return the ticket flags stored in a credential as an integer.
 *
 * creds - credential to read; dereferenced without a NULL check.
 *
 * Returns creds->flags.b as converted by TicketFlags2int.
 */
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_creds_get_ticket_flags(krb5_creds *creds)
{
    unsigned long flags = TicketFlags2int(creds->flags.b);

    return flags;
}
/**
 * Return the flags carried by a Kerberos ticket as an integer.
 *
 * @param context Kerberos context (not used by this function)
 * @param ticket Kerberos ticket; dereferenced without a NULL check
 *
 * @return the ticket flags as converted by TicketFlags2int
 *
 * @ingroup krb5_ticket
 */
unsigned long
krb5_ticket_get_flags(krb5_context context,
                      const krb5_ticket *ticket)
{
    unsigned long flags = TicketFlags2int(ticket->ticket.flags);

    return flags;
}