static cc_int32 ccache_set_principal(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal) { struct cc_ccache *c = (struct cc_ccache *)io_ccache; krb5_error_code ret; krb5_principal p; LOG_ENTRY(); if (in_principal == NULL) return ccErrBadParam; if (in_credentials_version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); update_time(&c->change_time); update_time(&context_change_time); ret = heim_krb5_parse_name(milcontext, in_principal, &p); if (ret) return LOG_FAILURE(ccErrBadParam, "parse name"); ret = heim_krb5_cc_initialize(milcontext, c->id, p); heim_krb5_free_principal(milcontext, p); if (ret) return LOG_FAILURE(ccErrInvalidCCache, "init cache"); return ccNoError; }
KLStatus KLAcquireNewInitialTicketsWithPassword(KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_ccache cache; krb5_creds creds; char *service = NULL; krb5_get_init_creds_opt *opt = NULL; LOG_ENTRY(); if (inLoginOptions) { service = inLoginOptions->service; opt = inLoginOptions->opt; } ret = heim_krb5_get_init_creds_password(context, &creds, inPrincipal, inPassword, NULL, NULL, 0, service, opt); if (ret) return ret; ret = heim_krb5_cc_cache_match(context, inPrincipal, &cache); if (ret) ret = heim_krb5_cc_new_unique(context, NULL, NULL, &cache); if (ret) goto out; ret = heim_krb5_cc_initialize(context, cache, creds.client); if(ret) goto out; ret = heim_krb5_cc_store_cred(context, cache, &creds); if (ret) goto out; if (outCredCacheName) *outCredCacheName = strdup(heim_krb5_cc_get_name(context, cache)); out: if (cache) { if (ret) krb5_cc_destroy((mit_krb5_context)context, (mit_krb5_ccache)cache); else heim_krb5_cc_close(context, cache); } heim_krb5_free_cred_contents(context, &creds); return ret; }
static cc_int32 context_create_default_ccache(cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache) { krb5_principal principal; krb5_error_code ret; struct cc_ccache *c; krb5_ccache id; LOG_ENTRY(); if (in_cred_vers != cc_credentials_v5) return ccErrBadCredentialsVersion; if (out_ccache == NULL || in_principal == NULL) return ccErrBadParam; *out_ccache = NULL; update_time(&context_change_time); ret = heim_krb5_cc_default(milcontext, &id); if (ret) return LOG_FAILURE(ret, "cc default"); ret = heim_krb5_parse_name(milcontext, in_principal, &principal); if (ret) { heim_krb5_cc_close(milcontext, id); return LOG_FAILURE(ret, "parse name"); } ret = heim_krb5_cc_initialize(milcontext, id, principal); heim_krb5_free_principal(milcontext, principal); if (ret) { mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id); return LOG_FAILURE(ret, "cc init"); } c = (struct cc_ccache *)create_ccache(id); update_time(&c->last_default_time); *out_ccache = (cc_ccache_t)c; return ccNoError; }
static cc_int32 context_create_new_ccache(cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache) { krb5_principal principal; krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (in_cred_vers != cc_credentials_v5) return ccErrBadCredentialsVersion; if (out_ccache == NULL || in_principal == NULL) return ccErrBadParam; update_time(&context_change_time); ret = heim_krb5_parse_name(milcontext, in_principal, &principal); if (ret) return LOG_FAILURE(ret, "parse name"); ret = heim_krb5_cc_new_unique(milcontext, NULL, NULL, &id); if (ret) { heim_krb5_free_principal(milcontext, principal); return LOG_FAILURE(ret, "new unique"); } ret = heim_krb5_cc_initialize(milcontext, id, principal); heim_krb5_free_principal(milcontext, principal); if (ret) { mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id); return LOG_FAILURE(ret, "cc init"); } *out_ccache = create_ccache(id); return ccNoError; }
KLStatus KLRenewInitialTickets(KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, KLPrincipal *outPrincipal, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_creds in, *cred = NULL; krb5_ccache id; krb5_kdc_flags flags; krb5_const_realm realm; krb5_principal principal = NULL; memset(&in, 0, sizeof(in)); LOG_ENTRY(); if (outPrincipal) *outPrincipal = NULL; if (outCredCacheName) *outCredCacheName = NULL; if (inPrincipal) { principal = inPrincipal; } else { ret = heim_krb5_get_default_principal(context, &principal); if (ret) return ret; } ret = heim_krb5_cc_cache_match(context, principal, &id); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); return ret; } in.client = principal; realm = heim_krb5_principal_get_realm(context, in.client); if (inLoginOptions && inLoginOptions->service) ret = heim_krb5_make_principal(context, &in.server, realm, inLoginOptions->service, NULL); else ret = heim_krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); heim_krb5_cc_close(context, id); return ret; } flags.i = 0; if (inLoginOptions) flags.i = inLoginOptions->opt->flags; /* Pull out renewable from previous ticket */ ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred); if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); if (ret == 0 && cred) { flags.b.renewable = cred->flags.b.renewable; heim_krb5_free_creds (context, cred); cred = NULL; } flags.b.renew = 1; ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred); heim_krb5_free_principal(context, in.server); if (ret) goto out; ret = heim_krb5_cc_initialize(context, id, in.client); if (ret) goto out; ret = heim_krb5_cc_store_cred(context, id, cred); out: if (cred) heim_krb5_free_creds (context, cred); heim_krb5_cc_close(context, id); return ret; }