KLStatus KLLoginOptionsSetProxiable (KLLoginOptions ioOptions,
KLBoolean inProxiable)
{
LOG_ENTRY();
heim_krb5_get_init_creds_opt_set_proxiable(ioOptions->opt, inProxiable);
return klNoErr;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_preauth_list(mit_krb5_get_init_creds_opt *opt,
mit_krb5_preauthtype *preauth_list,
int preauth_list_length)
{
LOG_ENTRY();
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_free(mit_krb5_context context,
mit_krb5_get_init_creds_opt *opt)
{
LOG_ENTRY();
free(opt);
}
cc_int32
cc_iterator_next(cc_ccache_iterator_t in_ccache_iterator,
cc_ccache_t *out_ccache)
{
struct cc_iter *c = (struct cc_iter *)in_ccache_iterator;
krb5_error_code ret;
krb5_ccache id;
LOG_ENTRY();
if (out_ccache == NULL)
return ccErrBadParam;
while (1) {
const char *type;
ret = mit_krb5_cccol_cursor_next((mit_krb5_context)milcontext, c->cursor, (mit_krb5_ccache *)&id);
if (ret == KRB5_CC_END || id == NULL)
return ccIteratorEnd;
else if (ret)
return LOG_FAILURE(ret, "ccol next cursor");
type = heim_krb5_cc_get_type(milcontext, id);
if (strcmp(type, "API") == 0 || strcmp(type, "KCM") == 0)
break;
heim_krb5_cc_close(milcontext, id);
}
*out_ccache = create_ccache(id);
return ccNoError;
}
mit_krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key(mit_krb5_context context,
mit_krb5_enctype enctype,
const mit_krb5_data *string,
const mit_krb5_data *salt,
mit_krb5_keyblock *key)
{
krb5_data hstring;
krb5_error_code ret;
krb5_salt hsalt;
krb5_keyblock hkey;
LOG_ENTRY();
mshim_mdata2hdata(string, &hstring);
hsalt.salttype = (krb5_salttype)KRB5_PADATA_PW_SALT;
mshim_mdata2hdata(salt, &hsalt.saltvalue);
ret = heim_krb5_string_to_key_data_salt(HC(context), enctype,
hstring, hsalt, &hkey);
heim_krb5_data_free(&hstring);
heim_krb5_data_free(&hsalt.saltvalue);
if (ret)
return ret;
mshim_hkeyblock2mkeyblock(&hkey, key);
heim_krb5_free_keyblock_contents(HC(context), &hkey);
return 0;
}
static cc_int32
ccache_set_principal(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal)
{
struct cc_ccache *c = (struct cc_ccache *)io_ccache;
krb5_error_code ret;
krb5_principal p;
LOG_ENTRY();
if (in_principal == NULL)
return ccErrBadParam;
if (in_credentials_version != cc_credentials_v5)
return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");
update_time(&c->change_time);
update_time(&context_change_time);
ret = heim_krb5_parse_name(milcontext, in_principal, &p);
if (ret)
return LOG_FAILURE(ccErrBadParam, "parse name");
ret = heim_krb5_cc_initialize(milcontext, c->id, p);
heim_krb5_free_principal(milcontext, p);
if (ret)
return LOG_FAILURE(ccErrInvalidCCache, "init cache");
return ccNoError;
}
static cc_int32
ccache_new_credentials_iterator(cc_ccache_t in_ccache, cc_credentials_iterator_t *out_credentials_iterator)
{
struct cc_ccache *c = (struct cc_ccache *)in_ccache;
struct cred_iterator *ci;
krb5_error_code ret;
LOG_ENTRY();
if (c == NULL || c->id == NULL)
return ccErrInvalidCCache;
if (out_credentials_iterator == NULL)
return ccErrBadParam;
ci = calloc(1, sizeof(*c));
ci->iterator.functions = &cred_iter_functions;
ci->id = c->id;
ret = mit_krb5_cc_start_seq_get((mit_krb5_context)milcontext,
(mit_krb5_ccache)c->id,
(mit_krb5_cc_cursor *)&ci->cursor);
if (ret) {
free(ci);
return LOG_FAILURE(ccErrInvalidCCache, "start seq");
}
*out_credentials_iterator = (cc_credentials_iterator_t)ci;
return ccNoError;
}
void
mshim_herror2merror(krb5_context context, const krb5_error *h, mit_krb5_error *m)
{
LOG_ENTRY();
memset(m, 0, sizeof(*m));
m->magic = MIT_KV5M_ERROR;
if (h->ctime)
m->ctime = *h->ctime;
if (h->cusec)
m->cusec = *h->cusec;
m->stime = h->stime;
m->susec = h->susec;
#if 0
m->client = mshim_hprinc2mprinc(context, h->client);
m->server = mshim_hprinc2mprinc(context, h->server);
#endif
m->error = h->error_code;
if (h->e_text) {
m->text.magic = MIT_KV5M_DATA;
m->text.data = strdup(*(h->e_text));
m->text.length = strlen(*(h->e_text));
}
if (h->e_data)
mshim_hdata2mdata(h->e_data, &m->e_data);
#if 0
krb5_principal client; /* client's principal identifier;
optional */
krb5_principal server; /* server's principal identifier */
#endif
}
void KRB5_CALLCONV
mit_krb5_free_keyblock(mit_krb5_context context, mit_krb5_keyblock *keyblock)
{
LOG_ENTRY();
mit_krb5_free_keyblock_contents(context, keyblock);
free(keyblock);
}
KLStatus
KLGetTripletFromPrincipal(KLPrincipal inPrincipal,
char **outName,
char **outInstance,
char **outRealm)
{
LOG_ENTRY();
if (outName)
*outName = NULL;
if (outInstance)
*outInstance = NULL;
if (outRealm)
*outInstance = NULL;
if (inPrincipal == NULL)
return klParameterErr;
switch (inPrincipal->name.name_string.len) {
case 2:
if (outInstance)
*outInstance = strdup(inPrincipal->name.name_string.val[1]);
case 1:
if (outName)
*outName = strdup(inPrincipal->name.name_string.val[0]);
break;
default:
return klInvalidOptionErr;
}
if (outRealm)
*outRealm = strdup(inPrincipal->realm);
return klNoErr;
}
mit_krb5_error_code KRB5_CALLCONV
krb5_unparse_name(mit_krb5_context context, mit_krb5_const_principal principal, char **str)
{
struct comb_principal *p = (struct comb_principal *)principal;
LOG_ENTRY();
return heim_krb5_unparse_name((krb5_context)context, p->heim, str);
}
KLStatus
KLLoginOptionsSetTicketStartTime (KLLoginOptions ioOptions,
KLTime inStartTime)
{
LOG_ENTRY();
return klNoErr;
}
KLStatus
KLLoginOptionsSetAddressless (KLLoginOptions ioOptions,
KLBoolean inAddressless)
{
LOG_ENTRY();
return klNoErr;
}
KLStatus KLLoginOptionsSetRenewableLifetime (KLLoginOptions ioOptions,
KLLifetime inRenewableLifetime)
{
LOG_ENTRY();
heim_krb5_get_init_creds_opt_set_renew_life(ioOptions->opt, inRenewableLifetime);
return klNoErr;
}
cc_int32
cc_initialize(cc_context_t *out_context,
cc_int32 in_version,
cc_int32 *out_supported_version,
char const **out_vendor)
{
LOG_ENTRY();
mshim_init_context();
update_time(&context_change_time);
if (in_version < ccapi_version_3 || in_version > ccapi_version_7)
return ccErrBadAPIVersion;
if (out_context == NULL)
return ccErrBadParam;
*out_context = calloc(1, sizeof(**out_context));
(*out_context)->functions = &cc_functions;
if (out_supported_version)
*out_supported_version = ccapi_version_7;
if (out_vendor)
*out_vendor = "Apple Heimdal shim layer";
return 0;
}
void KRB5_CALLCONV
mit_krb5_free_data(mit_krb5_context context, mit_krb5_data *data)
{
LOG_ENTRY();
mit_krb5_free_data_contents(context, data);
free(data);
}
static cc_int32
ccache_get_principal(cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_string_t *out_principal)
{
struct cc_ccache *c = (struct cc_ccache *)in_ccache;
krb5_principal princ;
krb5_error_code ret;
char *name;
LOG_ENTRY();
if (out_principal == NULL)
return ccErrBadParam;
if (in_credentials_version != cc_credentials_v5)
return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");
if (c->id == NULL)
return ccErrInvalidCCache;
ret = heim_krb5_cc_get_principal(milcontext, c->id, &princ);
if (ret)
return LOG_FAILURE(ret, "get principal");
ret = heim_krb5_unparse_name(milcontext, princ, &name);
heim_krb5_free_principal(milcontext, princ);
if (ret)
return LOG_FAILURE(ret, "unparse name");
*out_principal = create_string(name);
free(name);
return ccNoError;
}
void KRB5_CALLCONV
mit_krb5_free_data_contents(mit_krb5_context context, mit_krb5_data *data)
{
LOG_ENTRY();
free(data->data);
memset(data, 0, sizeof(*data));
}
static cc_int32
ccache_store_credentials(cc_ccache_t io_ccache, const cc_credentials_union *in_credentials_union)
{
struct cc_ccache *c = (struct cc_ccache *)io_ccache;
krb5_error_code ret;
krb5_creds hcred;
LOG_ENTRY();
if (in_credentials_union == NULL)
return ccErrBadParam;
if (in_credentials_union->version != cc_credentials_v5)
return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");
if (in_credentials_union->credentials.credentials_v5->client == NULL)
return ccErrBadParam;
update_time(&c->change_time);
update_time(&context_change_time);
make_cred_from_ccred(milcontext, in_credentials_union->credentials.credentials_v5, &hcred);
ret = heim_krb5_cc_store_cred(milcontext, c->id, &hcred);
heim_krb5_free_cred_contents(milcontext, &hcred);
if (ret)
return LOG_FAILURE(ccErrInvalidCCache, "store cred");
return ccNoError;
}
void KRB5_CALLCONV
mit_krb5_free_creds(mit_krb5_context context, mit_krb5_creds *cred)
{
LOG_ENTRY();
mit_krb5_free_cred_contents(context, cred);
free(cred);
}
static cc_int32
ccache_compare(cc_ccache_t in_ccache, cc_ccache_t in_compare_to_ccache, cc_uint32 *out_equal)
{
struct cc_ccache *s1 = (struct cc_ccache *)in_ccache;
struct cc_ccache *s2 = (struct cc_ccache *)in_compare_to_ccache;
krb5_error_code ret;
char *n1, *n2;
LOG_ENTRY();
if (out_equal == NULL || s2 == NULL)
return ccErrBadParam;
if (s1 == s2) {
*out_equal = 1;
return ccNoError;
}
if (s1->id == NULL || s2->id == NULL)
return ccErrInvalidCCache;
ret = heim_krb5_cc_get_full_name(milcontext, s1->id, &n1);
if (ret)
return ccErrInvalidCCache;
ret = heim_krb5_cc_get_full_name(milcontext, s2->id, &n2);
if (ret) {
free(n1);
return ccErrInvalidCCache;
}
*out_equal = (strcmp(n1, n2) == 0);
free(n1);
free(n2);
return ccNoError;
}
mit_krb5_error_code KRB5_CALLCONV
mit_krb5_os_localaddr(mit_krb5_context context, mit_krb5_address ***addresses)
{
mit_krb5_address **a;
krb5_addresses addrs;
krb5_error_code ret;
unsigned i;
LOG_ENTRY();
*addresses = NULL;
addrs.len = 0;
addrs.val = NULL;
ret = heim_krb5_get_all_client_addrs(HC(context), &addrs);
if (ret)
return ret;
a = calloc(addrs.len + 1, sizeof(a[0]));
for (i = 0; i < addrs.len; i++) {
a[i] = calloc(1, sizeof(mit_krb5_address));
a[i]->addrtype = addrs.val[i].addr_type;
a[i]->length = addrs.val[i].address.length;
a[i]->contents = mshim_malloc(addrs.val[i].address.length);
memcpy(a[i]->contents, addrs.val[i].address.data, addrs.val[i].address.length);
}
a[i] = NULL;
return 0;
}
mit_krb5_error_code KRB5_CALLCONV
krb5_set_default_tgs_enctypes(mit_krb5_context context,
const mit_krb5_enctype *enc)
{
LOG_ENTRY();
return heim_krb5_set_default_in_tkt_etypes(HC(context), (krb5_enctype *)enc);
}
mit_krb5_error_code KRB5_CALLCONV
krb5_kt_read_service_key(mit_krb5_context context,
mit_krb5_pointer keyprocarg,
mit_krb5_principal principal,
mit_krb5_kvno vno,
mit_krb5_enctype enctype,
mit_krb5_keyblock **key)
{
mit_krb5_keytab keytab;
mit_krb5_keytab_entry entry;
mit_krb5_error_code ret;
LOG_ENTRY();
if (keyprocarg)
ret = krb5_kt_resolve (context, keyprocarg, &keytab);
else
ret = krb5_kt_default (context, &keytab);
if (ret)
return ret;
ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
krb5_kt_close (context, keytab);
if (ret)
return ret;
ret = krb5_copy_keyblock (context, &entry.key, key);
krb5_kt_free_entry(context, &entry);
return ret;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_canonicalize(mit_krb5_get_init_creds_opt *opt,
int canonicalize)
{
LOG_ENTRY();
opt->flags |= MIT_KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
}
static cc_int32
context_open_default_ccache(cc_context_t in_context,
cc_ccache_t *out_ccache)
{
krb5_error_code ret;
krb5_ccache id;
LOG_ENTRY();
if (out_ccache == NULL)
return ccErrBadParam;
ret = heim_krb5_cc_default(milcontext, &id);
if (ret)
return LOG_FAILURE(ret, "cc default");
if (!check_exists(id)) {
heim_krb5_cc_close(milcontext, id);
return ccErrCCacheNotFound;
}
*out_ccache = create_ccache(id);
return ccNoError;
}
mit_krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_keytab(mit_krb5_context context,
mit_krb5_creds *creds,
mit_krb5_principal client,
mit_krb5_keytab arg_keytab,
mit_krb5_deltat start_time,
char *in_tkt_service,
mit_krb5_get_init_creds_opt *mopt)
{
struct comb_principal *p = (struct comb_principal *)client;
krb5_get_init_creds_opt *opt = NULL;
krb5_error_code ret;
krb5_creds hcreds;
LOG_ENTRY();
opt = mshim_gic_opt(HC(context), mopt);
memset(creds, 0, sizeof(*creds));
memset(&hcreds, 0, sizeof(hcreds));
ret = heim_krb5_get_init_creds_keytab(HC(context), &hcreds, p->heim,
(krb5_keytab)arg_keytab,
start_time, in_tkt_service, opt);
if (opt)
heim_krb5_get_init_creds_opt_free(HC(context), opt);
if (ret)
return ret;
mshim_hcred2mcred(HC(context), &hcreds, creds);
heim_krb5_free_cred_contents(HC(context), &hcreds);
return ret;
}
static cc_int32
context_new_ccache_iterator(cc_context_t in_context,
cc_ccache_iterator_t *out_iterator)
{
krb5_error_code ret;
struct cc_iter *c;
LOG_ENTRY();
if (out_iterator == NULL)
return ccErrBadParam;
c = calloc(1, sizeof(*c));
c->iterator.functions = &ccache_iterator_functions;
ret = mit_krb5_cccol_cursor_new((mit_krb5_context)milcontext, &c->cursor);
if (ret) {
free(c);
return ccErrNoMem;
}
*out_iterator = (cc_ccache_iterator_t)c;
return ccNoError;
}
KLStatus KLLoginOptionsSetTicketLifetime (KLLoginOptions ioOptions,
KLLifetime inTicketLifetime)
{
LOG_ENTRY();
heim_krb5_get_init_creds_opt_set_tkt_life(ioOptions->opt, inTicketLifetime);
return klNoErr;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_forwardable(mit_krb5_get_init_creds_opt *opt,
int forwardable)
{
LOG_ENTRY();
opt->flags |= MIT_KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
opt->forwardable = forwardable;
}
