static krb5_error_code fetch_creds(KLPrincipal inPrincipal, krb5_creds **ocreds, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_principal princ = NULL; krb5_creds in_creds; krb5_const_realm realm; krb5_error_code ret; krb5_ccache id = NULL; LOG_ENTRY(); memset(&in_creds, 0, sizeof(in_creds)); if (inPrincipal) { ret = heim_krb5_cc_cache_match(context, inPrincipal, &id); } else { ret = heim_krb5_cc_default(context, &id); if (ret == 0) ret = heim_krb5_cc_get_principal(context, id, &princ); inPrincipal = princ; } if (ret) goto out; realm = heim_krb5_principal_get_realm(context, inPrincipal); ret = heim_krb5_make_principal(context, &in_creds.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) goto out; in_creds.client = inPrincipal; ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in_creds, ocreds); heim_krb5_free_principal(context, in_creds.server); if (outCredCacheName) *outCredCacheName = strdup(heim_krb5_cc_get_name(context, id)); out: if (id) heim_krb5_cc_close(context, id); if (princ) heim_krb5_free_principal(context, princ); return LOG_FAILURE(ret, "fetch_creds"); }
static cc_int32 ccache_set_principal(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal) { struct cc_ccache *c = (struct cc_ccache *)io_ccache; krb5_error_code ret; krb5_principal p; LOG_ENTRY(); if (in_principal == NULL) return ccErrBadParam; if (in_credentials_version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); update_time(&c->change_time); update_time(&context_change_time); ret = heim_krb5_parse_name(milcontext, in_principal, &p); if (ret) return LOG_FAILURE(ccErrBadParam, "parse name"); ret = heim_krb5_cc_initialize(milcontext, c->id, p); heim_krb5_free_principal(milcontext, p); if (ret) return LOG_FAILURE(ccErrInvalidCCache, "init cache"); return ccNoError; }
static cc_int32 ccache_get_principal(cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_string_t *out_principal) { struct cc_ccache *c = (struct cc_ccache *)in_ccache; krb5_principal princ; krb5_error_code ret; char *name; LOG_ENTRY(); if (out_principal == NULL) return ccErrBadParam; if (in_credentials_version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); if (c->id == NULL) return ccErrInvalidCCache; ret = heim_krb5_cc_get_principal(milcontext, c->id, &princ); if (ret) return LOG_FAILURE(ret, "get principal"); ret = heim_krb5_unparse_name(milcontext, princ, &name); heim_krb5_free_principal(milcontext, princ); if (ret) return LOG_FAILURE(ret, "unparse name"); *out_principal = create_string(name); free(name); return ccNoError; }
KLStatus KLDisposePrincipal (KLPrincipal inPrincipal) { LOG_ENTRY(); if (inPrincipal == NULL) return klNoErr; heim_krb5_free_principal(milcontext, inPrincipal); return klNoErr; }
void KRB5_CALLCONV krb5_free_principal(mit_krb5_context context, mit_krb5_principal principal) { struct comb_principal *p = (struct comb_principal *)principal; LOG_ENTRY(); if (p) { heim_krb5_free_principal(HC(context), p->heim); free(p->mit.data); free(p); } }
static cc_int32 context_create_new_ccache(cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache) { krb5_principal principal; krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (in_cred_vers != cc_credentials_v5) return ccErrBadCredentialsVersion; if (out_ccache == NULL || in_principal == NULL) return ccErrBadParam; update_time(&context_change_time); ret = heim_krb5_parse_name(milcontext, in_principal, &principal); if (ret) return LOG_FAILURE(ret, "parse name"); ret = heim_krb5_cc_new_unique(milcontext, NULL, NULL, &id); if (ret) { heim_krb5_free_principal(milcontext, principal); return LOG_FAILURE(ret, "new unique"); } ret = heim_krb5_cc_initialize(milcontext, id, principal); heim_krb5_free_principal(milcontext, principal); if (ret) { mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id); return LOG_FAILURE(ret, "cc init"); } *out_ccache = create_ccache(id); return ccNoError; }
static cc_int32 check_exists(krb5_ccache id) { krb5_principal princ; int ret; ret = heim_krb5_cc_get_principal(milcontext, id, &princ); if (ret) return 0; heim_krb5_free_principal(milcontext, princ); return 1; }
static cc_int32 context_create_default_ccache(cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache) { krb5_principal principal; krb5_error_code ret; struct cc_ccache *c; krb5_ccache id; LOG_ENTRY(); if (in_cred_vers != cc_credentials_v5) return ccErrBadCredentialsVersion; if (out_ccache == NULL || in_principal == NULL) return ccErrBadParam; *out_ccache = NULL; update_time(&context_change_time); ret = heim_krb5_cc_default(milcontext, &id); if (ret) return LOG_FAILURE(ret, "cc default"); ret = heim_krb5_parse_name(milcontext, in_principal, &principal); if (ret) { heim_krb5_cc_close(milcontext, id); return LOG_FAILURE(ret, "parse name"); } ret = heim_krb5_cc_initialize(milcontext, id, principal); heim_krb5_free_principal(milcontext, principal); if (ret) { mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id); return LOG_FAILURE(ret, "cc init"); } c = (struct cc_ccache *)create_ccache(id); update_time(&c->last_default_time); *out_ccache = (cc_ccache_t)c; return ccNoError; }
mit_krb5_error_code KRB5_CALLCONV krb5_sname_to_principal(mit_krb5_context context, const char *hostname, const char *service, mit_krb5_int32 type, mit_krb5_principal *principal) { krb5_error_code ret; krb5_principal p; LOG_ENTRY(); *principal = NULL; ret = heim_krb5_sname_to_principal(HC(context), hostname, service, type, &p); if (ret) return ret; *principal = mshim_hprinc2mprinc(HC(context), p); heim_krb5_free_principal(HC(context), p); return 0; }
KLStatus KLRenewInitialTickets(KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, KLPrincipal *outPrincipal, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_creds in, *cred = NULL; krb5_ccache id; krb5_kdc_flags flags; krb5_const_realm realm; krb5_principal principal = NULL; memset(&in, 0, sizeof(in)); LOG_ENTRY(); if (outPrincipal) *outPrincipal = NULL; if (outCredCacheName) *outCredCacheName = NULL; if (inPrincipal) { principal = inPrincipal; } else { ret = heim_krb5_get_default_principal(context, &principal); if (ret) return ret; } ret = heim_krb5_cc_cache_match(context, principal, &id); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); return ret; } in.client = principal; realm = heim_krb5_principal_get_realm(context, in.client); if (inLoginOptions && inLoginOptions->service) ret = heim_krb5_make_principal(context, &in.server, realm, inLoginOptions->service, NULL); else ret = heim_krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); heim_krb5_cc_close(context, id); return ret; } flags.i = 0; if (inLoginOptions) flags.i = inLoginOptions->opt->flags; /* Pull out renewable from previous ticket */ ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred); if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); if (ret == 0 && cred) { flags.b.renewable = cred->flags.b.renewable; heim_krb5_free_creds (context, cred); cred = NULL; } flags.b.renew = 1; ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred); heim_krb5_free_principal(context, in.server); if (ret) goto out; ret = heim_krb5_cc_initialize(context, id, in.client); if (ret) goto out; ret = heim_krb5_cc_store_cred(context, id, cred); out: if (cred) heim_krb5_free_creds (context, cred); heim_krb5_cc_close(context, id); return ret; }