static krb5_error_code
kcm_op_get_ntlm_user_list(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
struct kcm_ntlm_cred *c;
krb5_error_code ret;
for (c = ntlm_head; c != NULL; c = c->next) {
if (!kcm_is_same_session(client, c->uid, c->session))
continue;
ret = krb5_store_uint32(response, 1);
if (ret)
return ret;
ret = krb5_store_stringz(response, c->user);
if (ret)
return ret;
ret = krb5_store_stringz(response, c->domain);
if (ret)
return ret;
}
return krb5_store_uint32(response, 0);
}
static krb5_error_code
kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_error_code ret;
krb5_kcmcache *oldk = KCMCACHE(from);
krb5_kcmcache *newk = KCMCACHE(to);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, oldk->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_stringz(request, newk->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
*
* Request:
* NameZ
* ClientPrincipal
* ServerPrincipalPresent
* ServerPrincipal OPTIONAL
* Password
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal client,
krb5_principal server,
const char *password)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
if (id->ops != &krb5_kcm_ops && id->ops != &krb5_akcm_ops) {
krb5_set_error_message(context, EINVAL, "Cache is not a KCM cache");
return EINVAL;
}
ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, client);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
if (ret) {
krb5_storage_free(request);
return ret;
}
if (server != NULL) {
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
}
ret = krb5_store_stringz(request, password);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_tf_setup(krb5_context context,
struct credentials *v4creds,
const char *tkfile,
int append)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_emem();
if (sp == NULL)
return ENOMEM;
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
krb5_storage_set_eof_code(sp, KRB5_CC_IO);
krb5_clear_error_string(context);
if (!append) {
RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
}
/* cred */
RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
ret = krb5_storage_write(sp, v4creds->session, 8);
if (ret != 8) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
ret = krb5_storage_write(sp, v4creds->ticket_st.dat,
v4creds->ticket_st.length);
if (ret != v4creds->ticket_st.length) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
ret = write_v4_cc(context, tkfile, sp, append);
error:
krb5_storage_free(sp);
return ret;
}
static krb5_error_code
put_nir(krb5_storage *sp, const char *name,
const char *instance, const char *realm)
{
krb5_error_code ret;
RCHECK(ret, krb5_store_stringz(sp, name), error);
RCHECK(ret, krb5_store_stringz(sp, instance), error);
if (realm) {
RCHECK(ret, krb5_store_stringz(sp, realm), error);
}
error:
return ret;
}
static krb5_error_code
kcm_op_get_cache_by_uuid(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_error_code ret;
kcmuuid_t uuid;
ssize_t sret;
kcm_ccache cache;
KCM_LOG_REQUEST(context, client, opcode);
sret = krb5_storage_read(request, &uuid, sizeof(uuid));
if (sret != sizeof(uuid)) {
krb5_clear_error_message(context);
return KRB5_CC_IO;
}
ret = kcm_ccache_resolve_by_uuid(context, uuid, &cache);
if (ret)
return ret;
ret = kcm_access(context, client, opcode, cache);
if (ret)
ret = KRB5_FCC_NOFILE;
if (ret == 0)
ret = krb5_store_stringz(response, cache->name);
kcm_release_ccache(context, cache);
return ret;
}
static int
make_result (krb5_data *data,
uint16_t result_code,
const char *expl)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_emem();
if (sp == NULL) goto out;
ret = krb5_store_uint16(sp, result_code);
if (ret) goto out;
ret = krb5_store_stringz(sp, expl);
if (ret) goto out;
ret = krb5_storage_to_data(sp, data);
if (ret) goto out;
krb5_storage_free(sp);
return 0;
out:
if (sp)
krb5_storage_free(sp);
krb5_warnx (context, "Out of memory generating error reply");
return 1;
}
static krb5_error_code
kcm_op_get_default_cache(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
struct kcm_default_cache *c;
krb5_error_code ret;
const char *name = NULL;
char *n = NULL;
KCM_LOG_REQUEST(context, client, opcode);
for (c = default_caches; c != NULL; c = c->next) {
if (kcm_is_same_session(client, c->uid, c->session)) {
name = c->name;
break;
}
}
if (name == NULL)
name = n = kcm_ccache_first_name(client);
if (name == NULL) {
asprintf(&n, "%d", (int)client->uid);
name = n;
}
if (name == NULL)
return ENOMEM;
ret = krb5_store_stringz(response, name);
if (n)
free(n);
return ret;
}
/*
* Request:
* NameZ
* Mode
*
* Response:
*
*/
krb5_error_code
_krb5_kcm_chmod(krb5_context context,
krb5_ccache id,
u_int16_t mode)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = kcm_storage_request(context, KCM_OP_CHMOD, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int16(request, mode);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
int32_t offset;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
ret = krb5_ret_int32(response, &offset);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
return ret;
*kdc_offset = offset;
return 0;
}
static krb5_error_code
kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, (uint32_t)kdc_offset);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_set_flags(krb5_context context,
krb5_ccache id,
krb5_flags flags)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, flags);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Creds
*
* Response:
*
*/
static krb5_error_code
kcm_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_creds(request, creds);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Principal
*
* Response:
*
*/
static krb5_error_code
kcm_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, primary_principal);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
if (context->kdc_sec_offset)
kcm_set_kdc_offset(context, id, context->kdc_sec_offset);
return ret;
}
static krb5_error_code
kcm_get_uuid(krb5_context context, krb5_ccache id, krb5_uuid uuid)
{
krb5_storage *request, *response;
krb5_kcmcache *k = KCMCACHE(id);
krb5_data response_data;
krb5_error_code ret;
ssize_t sret;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_UUID, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret)
return ret;
sret = krb5_storage_read(response, uuid, sizeof(krb5_uuid));
krb5_storage_free(response);
if (sret != sizeof(krb5_uuid))
return KRB5_CC_IO;
return 0;
}
static int
calculate(void *ptr,
heim_scram_method method,
unsigned int iterations,
heim_scram_data *salt,
const heim_scram_data *c1,
const heim_scram_data *s1,
const heim_scram_data *c2noproof,
heim_scram_data *proof,
heim_scram_data *server,
heim_scram_data *sessionKey)
{
krb5_error_code ret;
krb5_context context;
krb5_storage *request, *response = NULL;
krb5_data response_data;
scram_id_t ctx = ptr;
ret = krb5_init_context(&context);
if (ret) {
return ret;
}
ret = krb5_kcm_storage_request(context, KCM_OP_DO_SCRAM_AUTH, &request);
if (ret) {
krb5_free_context(context);
return GSS_S_FAILURE;
}
ret = krb5_store_stringz(request, ctx->client);
if (ret == 0)
ret = krb5_store_uint32(request, iterations);
if (ret == 0)
ret = krb5_store_data(request, *salt);
if (ret == 0)
ret = krb5_store_data(request, *c1);
if (ret == 0)
ret = krb5_store_data(request, *s1);
if (ret == 0)
ret = krb5_store_data(request, *c2noproof);
if (ret == 0)
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_free_context(context);
krb5_storage_free(request);
if (ret == 0)
ret = krb5_ret_data(response, proof);
if (ret == 0)
ret = krb5_ret_data(response, server);
if (ret == 0)
ret = krb5_ret_data(response, sessionKey);
if (ret)
ret = KRB5_CC_IO;
if (response)
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_kcm_cursor c = KCMCURSOR(*cursor);
krb5_storage *request, *response;
krb5_data response_data;
ssize_t sret;
again:
if (c->offset >= c->length)
return KRB5_CC_END;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
sret = krb5_storage_write(request,
&c->uuids[c->offset],
sizeof(c->uuids[c->offset]));
c->offset++;
if (sret != sizeof(c->uuids[c->offset])) {
krb5_storage_free(request);
krb5_clear_error_message(context);
return ENOMEM;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
krb5_storage_free(request);
if (ret == KRB5_CC_END) {
goto again;
} else if (ret)
return ret;
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
int
krb_mk_req(KTEXT authent,
char *service, char *instance, char *realm,
int32_t checksum)
#endif
{
CREDENTIALS cr;
KTEXT_ST req;
krb5_storage *sp;
int code;
/* XXX get user realm */
const char *myrealm = realm;
krb5_data a;
code = krb_get_cred(service, instance, realm, &cr);
if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
code = get_ad_tkt((char *)service,
(char *)instance, (char *)realm, lifetime);
if(code == KSUCCESS)
code = krb_get_cred(service, instance, realm, &cr);
}
if(code)
return code;
sp = krb5_storage_emem();
krb5_store_int8(sp, KRB_PROT_VERSION);
krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
krb5_store_int8(sp, cr.kvno);
krb5_store_stringz(sp, realm);
krb5_store_int8(sp, cr.ticket_st.length);
build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
krb5_store_int8(sp, req.length);
krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
krb5_storage_write(sp, req.dat, req.length);
krb5_storage_to_data(sp, &a);
krb5_storage_free(sp);
memcpy(authent->dat, a.data, a.length);
authent->length = a.length;
krb5_data_free(&a);
memset(&cr, 0, sizeof(cr));
memset(&req, 0, sizeof(req));
return KSUCCESS;
}
static OM_uint32
_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
{
krb5_storage *request, *response;
krb5_data response_data;
krb5_context context;
krb5_error_code ret;
ntlm_cred cred;
cred = (ntlm_cred)*cred_handle;
ret = krb5_init_context(&context);
if (ret)
return ret;
ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->username);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->domain);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
out:
krb5_free_context(context);
return ret;
}
static void
build_request(KTEXT req,
const char *name, const char *inst, const char *realm,
u_int32_t checksum)
{
struct timeval tv;
krb5_storage *sp;
krb5_data data;
sp = krb5_storage_emem();
krb5_store_stringz(sp, name);
krb5_store_stringz(sp, inst);
krb5_store_stringz(sp, realm);
krb5_store_int32(sp, checksum);
gettimeofday(&tv, NULL);
krb5_store_int8(sp, tv.tv_usec / 5000);
krb5_store_int32(sp, tv.tv_sec);
krb5_storage_to_data(sp, &data);
krb5_storage_free(sp);
memcpy(req->dat, data.data, data.length);
req->length = (data.length + 7) & ~7;
krb5_data_free(&data);
}
/*
* Request:
* NameZ
* WhichFields
* MatchCreds
*
* Response:
* Creds
*
*/
static krb5_error_code
kcm_retrieve(krb5_context context,
krb5_ccache id,
krb5_flags which,
const krb5_creds *mcred,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, which);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_creds_tag(request, rk_UNCONST(mcred));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
OM_uint32
_gss_scram_have_cred(OM_uint32 *minor,
const char *name,
gss_cred_id_t *rcred)
{
krb5_context context;
krb5_error_code ret;
krb5_storage *request = NULL, *response;
krb5_data response_data;
OM_uint32 major;
ret = krb5_init_context(&context);
if (ret) {
*minor = ret;
return GSS_S_FAILURE;
}
ret = krb5_kcm_storage_request(context, KCM_OP_HAVE_SCRAM_CRED, &request);
if (ret)
goto out;
ret = krb5_store_stringz(request, name);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
request = NULL;
if (rcred) {
*rcred = (gss_cred_id_t)strdup(name);
if (*rcred == NULL)
ret = ENOMEM;
}
out:
if (request)
krb5_storage_free(request);
krb5_free_context(context);
if (ret) {
*minor = ret;
major = GSS_S_FAILURE;
} else
major = GSS_S_COMPLETE;
return major;
}
/*
* Request:
* NameZ
*
* Response:
* Cursor
*
*/
static krb5_error_code
kcm_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
u_int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_int32(response, &tmp);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
return ret;
*cursor = malloc(sizeof(tmp));
if (*cursor == NULL)
return KRB5_CC_NOMEM;
KCMCURSOR(*cursor) = tmp;
return 0;
}
/*
* Request:
* NameZ
* ServerPrincipalPresent
* ServerPrincipal OPTIONAL
* Key
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal server,
krb5_keyblock *key)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
if (ret) {
krb5_storage_free(request);
return ret;
}
if (server != NULL) {
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
}
ret = krb5_store_keyblock(request, *key);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* KDCFlags
* EncryptionType
* ServerPrincipal
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_ticket(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
krb5_enctype enctype,
krb5_principal server)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, flags.i);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, enctype);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_cr_err_reply(krb5_context context,
const char *name,
const char *inst,
const char *realm,
uint32_t time_ws,
uint32_t e,
const char *e_string,
krb5_data *data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(data);
if (name == NULL) name = "";
if (inst == NULL) inst = "";
if (realm == NULL) realm = "";
if (e_string == NULL) e_string = "";
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
RCHECK(ret, put_nir(sp, name, inst, realm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error);
RCHECK(ret, krb5_store_int32(sp, e), error);
RCHECK(ret, krb5_store_stringz(sp, e_string), error);
ret = krb5_storage_to_data(sp, data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_string(context, "Failed to encode kerberos 4 error");
return 0;
}
/*
* Request:
*
* Response:
* NameZ
*/
static krb5_error_code
kcm_op_gen_new(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_error_code ret;
char *name;
KCM_LOG_REQUEST(context, client, opcode);
name = kcm_ccache_nextid(client->pid, client->uid, client->gid);
if (name == NULL) {
return KRB5_CC_NOMEM;
}
ret = krb5_store_stringz(response, name);
free(name);
return ret;
}
static krb5_error_code
kcm_set_default(krb5_context context, krb5_ccache id)
{
krb5_error_code ret;
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_unhold(krb5_context context, krb5_ccache id)
{
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
ret = krb5_kcm_storage_request(context, KCM_OP_RELEASE_KCRED, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
