Example #1
/*
 * Convert an MIT-layout credential (m) into a Heimdal-layout credential (h).
 *
 * h is zeroed first, then filled with copies of the client and server
 * principals, the session key and the ticket, followed by the ticket
 * lifetimes and the ticket flags translated one bit at a time.
 *
 * NOTE(review): the results of heim_krb5_copy_principal() and
 * heim_krb5_data_copy() are discarded and this function returns void, so a
 * failed copy leaves h partially populated with no signal to the caller.
 * Callers should sanity-check h (principals set, session key non-empty)
 * before relying on it.
 * NOTE(review): h ends up holding its own copy of the session key; the
 * owner of h is presumably responsible for releasing it so key material
 * does not linger -- confirm against the callers.
 */
void
mshim_mcred2hcred(krb5_context context, mit_krb5_creds *m, krb5_creds *h)
{
    struct comb_principal *comb;

    memset(h, 0, sizeof(*h));

    /*
     * The MIT principal handles are treated as comb_principal wrappers; the
     * embedded Heimdal principal is what gets copied.
     * NOTE(review): assumes m->client / m->server really are comb_principal
     * objects and non-NULL -- nothing here verifies that.
     */
    comb = (struct comb_principal *)m->client;
    heim_krb5_copy_principal(context, comb->heim, &h->client);
    comb = (struct comb_principal *)m->server;
    heim_krb5_copy_principal(context, comb->heim, &h->server);

    /* Lifetimes are plain values and carry over unchanged. */
    h->times.authtime = m->times.authtime;
    h->times.starttime = m->times.starttime;
    h->times.endtime = m->times.endtime;
    h->times.renew_till = m->times.renew_till;

    /* Session key: encryption type plus a copy of the key bytes. */
    h->session.keytype = m->keyblock.enctype;
    heim_krb5_data_copy(&h->session.keyvalue, m->keyblock.contents, m->keyblock.length);

    /* Encoded ticket blob. */
    heim_krb5_data_copy(&h->ticket, m->ticket.data, m->ticket.length);

    /*
     * Ticket flags: start from all-clear, then mirror each MIT flag bit into
     * the corresponding Heimdal bit-field member.
     */
    h->flags.i = 0;

#define MSHIM_MAP_TKT_FLAG(mit_bit, heim_field) \
    h->flags.b.heim_field = ((m->ticket_flags & (mit_bit)) != 0)

    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_FORWARDABLE, forwardable);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_FORWARDED, forwarded);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_PROXIABLE, proxiable);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_PROXY, proxy);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_MAY_POSTDATE, may_postdate);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_POSTDATED, postdated);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_INVALID, invalid);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_RENEWABLE, renewable);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_INITIAL, initial);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_PRE_AUTH, pre_authent);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_HW_AUTH, hw_authent);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_TRANSIT_POLICY_CHECKED, transited_policy_checked);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_OK_AS_DELEGATE, ok_as_delegate);
    MSHIM_MAP_TKT_FLAG(MIT_TKT_FLG_ANONYMOUS, anonymous);

#undef MSHIM_MAP_TKT_FLAG
}
Example #2
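/*
 * Create a KLPrincipal by copying a Kerberos 5 principal.
 *
 * inKerberos5Principal  principal to copy, passed as an untyped pointer
 * outPrincipal          receives the copy; set to NULL up front so it is
 *                       never left uninitialised when the copy fails
 *
 * Returns klParameterErr if either argument is NULL, otherwise the result
 * of heim_krb5_copy_principal().
 *
 * NOTE(review): the input arrives as void *, so nothing here can verify it
 * is the principal type heim_krb5_copy_principal() expects; that is the
 * caller's responsibility.
 */
KLStatus KLCreatePrincipalFromKerberos5Principal (void           *inKerberos5Principal,
                                                  KLPrincipal    *outPrincipal)
{
    /* The copy routine writes through outPrincipal, so reject NULL here too. */
    if (inKerberos5Principal == NULL || outPrincipal == NULL)
        return klParameterErr;

    *outPrincipal = NULL;
    return heim_krb5_copy_principal(milcontext, inKerberos5Principal, outPrincipal);
}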
Example #3
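/*
 * Duplicate an existing KLPrincipal.
 *
 * inPrincipal   principal to copy
 * outPrincipal  receives the copy; set to NULL up front so it is never left
 *               uninitialised when the copy fails
 *
 * Returns klParameterErr if either argument is NULL, otherwise the result
 * of heim_krb5_copy_principal().
 */
KLStatus KLCreatePrincipalFromPrincipal (KLPrincipal inPrincipal,
                                         KLPrincipal *outPrincipal)
{
    /* The copy routine writes through outPrincipal, so reject NULL here too. */
    if (inPrincipal == NULL || outPrincipal == NULL)
        return klParameterErr;

    *outPrincipal = NULL;
    return heim_krb5_copy_principal(milcontext, inPrincipal, outPrincipal);
}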
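/*
 * Wrap a Heimdal principal in a newly allocated comb_principal and return it
 * as an MIT principal handle.
 *
 * The Heimdal principal is copied into the wrapper, then map_mit_principal()
 * is run on the wrapper before it is returned.
 *
 * Returns NULL if the wrapper cannot be allocated or the principal cannot be
 * copied. Without these checks a failed calloc() would be written through,
 * and a failed copy would hand map_mit_principal() a wrapper with no
 * principal in it.
 *
 * NOTE(review): on copy failure only the wrapper is freed; this assumes
 * heim_krb5_copy_principal() leaves nothing allocated behind on error --
 * confirm.
 */
mit_krb5_principal
mshim_hprinc2mprinc(krb5_context context, krb5_principal princ)
{
    struct comb_principal *p;

    p = calloc(1, sizeof(*p));
    if (p == NULL)
        return NULL;

    if (heim_krb5_copy_principal(context, princ, &p->heim) != 0) {
        free(p);
        return NULL;
    }

    map_mit_principal(p);
    return (mit_krb5_principal)p;
}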
Example #5
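/*
 * Report whether the credential cache holds currently valid tickets for
 * inPrincipal.
 *
 * inPrincipal           principal to look up (handed to fetch_creds())
 * inKerberosVersion     checked with CHECK_VERSION(); a mismatch yields
 *                       klInvalidVersionErr
 * outFoundValidTickets  required; set to non-zero only when credentials were
 *                       fetched and the current time lies inside their
 *                       validity window
 * outPrincipal          optional; receives a copy of the credential's client
 *                       principal, or stays NULL
 * outCredCacheName      handed through to fetch_creds()
 *
 * A fetch failure is logged and reported as "no valid tickets" with a zero
 * status rather than as an error.
 *
 * NOTE(review): a failure to copy the client principal is deliberately
 * ignored; *outPrincipal then stays NULL while the status is still zero, so
 * callers must check it before use.
 * NOTE(review): the state of *outCredCacheName after a failed fetch_creds()
 * is not visible here -- confirm before callers read or free it.
 */
KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
                                 KLKerberosVersion   inKerberosVersion,
                                 KLBoolean          *outFoundValidTickets,
                                 KLPrincipal        *outPrincipal,
                                 char              **outCredCacheName)
{
    krb5_error_code ret;
    krb5_creds *ocreds = NULL;

    LOG_ENTRY();

    if (outPrincipal)
        *outPrincipal = NULL;

    /* The result is written unconditionally below; a NULL here would crash. */
    if (outFoundValidTickets == NULL)
        return LOG_FAILURE(klParameterErr, "outFoundValidTickets is NULL");

    /* Fail closed: every early exit reports "no valid tickets". */
    *outFoundValidTickets = 0;

    if (CHECK_VERSION(inKerberosVersion))
        return LOG_FAILURE(klInvalidVersionErr, "wrong version");

    ret = fetch_creds(inPrincipal, &ocreds, outCredCacheName);

    if (ret == 0) {
        time_t t = time(NULL);
        /* Consider tickets that are slightly too young as valid, since we
         * might just have fetched them (10 seconds of allowance). */
        *outFoundValidTickets =
               (ocreds->times.starttime - 10 < t)
            && (t < ocreds->times.endtime);

        if (outPrincipal)
            (void)heim_krb5_copy_principal(milcontext, ocreds->client, outPrincipal);
        heim_krb5_free_creds(milcontext, ocreds);
    } else {
        /* Not finding tickets is an answer, not an error: log it and
         * return success with the flag cleared. */
        LOG_FAILURE(ret, "fetch tickets failed");
        ret = 0;
        *outFoundValidTickets = 0;
    }

    return LOG_FAILURE(ret, "KLCacheHasValidTickets");
}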