void
mshim_mcred2hcred(krb5_context context, mit_krb5_creds *m, krb5_creds *h)
{
struct comb_principal *p;
memset(h, 0, sizeof(*h));
p = (struct comb_principal *)m->client;
heim_krb5_copy_principal(context, p->heim, &h->client);
p = (struct comb_principal *)m->server;
heim_krb5_copy_principal(context, p->heim, &h->server);
h->session.keytype = m->keyblock.enctype;
heim_krb5_data_copy(&h->session.keyvalue, m->keyblock.contents, m->keyblock.length);
heim_krb5_data_copy(&h->ticket, m->ticket.data, m->ticket.length);
h->times.authtime = m->times.authtime;
h->times.starttime = m->times.starttime;
h->times.endtime = m->times.endtime;
h->times.renew_till = m->times.renew_till;
h->flags.i = 0;
if (m->ticket_flags & MIT_TKT_FLG_FORWARDABLE)
h->flags.b.forwardable = 1;
if (m->ticket_flags & MIT_TKT_FLG_FORWARDED)
h->flags.b.forwarded = 1;
if (m->ticket_flags & MIT_TKT_FLG_PROXIABLE)
h->flags.b.proxiable = 1;
if (m->ticket_flags & MIT_TKT_FLG_PROXY)
h->flags.b.proxy = 1;
if (m->ticket_flags & MIT_TKT_FLG_MAY_POSTDATE)
h->flags.b.may_postdate = 1;
if (m->ticket_flags & MIT_TKT_FLG_POSTDATED)
h->flags.b.postdated = 1;
if (m->ticket_flags & MIT_TKT_FLG_INVALID)
h->flags.b.invalid = 1;
if (m->ticket_flags & MIT_TKT_FLG_RENEWABLE)
h->flags.b.renewable = 1;
if (m->ticket_flags & MIT_TKT_FLG_INITIAL)
h->flags.b.initial = 1;
if (m->ticket_flags & MIT_TKT_FLG_PRE_AUTH)
h->flags.b.pre_authent = 1;
if (m->ticket_flags & MIT_TKT_FLG_HW_AUTH)
h->flags.b.hw_authent = 1;
if (m->ticket_flags & MIT_TKT_FLG_TRANSIT_POLICY_CHECKED)
h->flags.b.transited_policy_checked = 1;
if (m->ticket_flags & MIT_TKT_FLG_OK_AS_DELEGATE)
h->flags.b.ok_as_delegate = 1;
if (m->ticket_flags & MIT_TKT_FLG_ANONYMOUS)
h->flags.b.anonymous = 1;
}
KLStatus KLCreatePrincipalFromKerberos5Principal (void *inKerberos5Principal,
KLPrincipal *outPrincipal)
{
if (inKerberos5Principal == NULL)
return klParameterErr;
return heim_krb5_copy_principal(milcontext, inKerberos5Principal, outPrincipal);
}
KLStatus KLCreatePrincipalFromPrincipal (KLPrincipal inPrincipal,
KLPrincipal *outPrincipal)
{
if (inPrincipal == NULL)
return klParameterErr;
return heim_krb5_copy_principal(milcontext, inPrincipal, outPrincipal);
}
mit_krb5_principal
mshim_hprinc2mprinc(krb5_context context, krb5_principal princ)
{
struct comb_principal *p;
p = calloc(1, sizeof(*p));
heim_krb5_copy_principal(context, princ, &p->heim);
map_mit_principal(p);
return (mit_krb5_principal)p;
}
KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal,
KLKerberosVersion inKerberosVersion,
KLBoolean *outFoundValidTickets,
KLPrincipal *outPrincipal,
char **outCredCacheName)
{
krb5_error_code ret;
krb5_creds *ocreds = NULL;
LOG_ENTRY();
if (outPrincipal)
*outPrincipal = NULL;
if (CHECK_VERSION(inKerberosVersion))
return LOG_FAILURE(klInvalidVersionErr, "wrong version");
ret = fetch_creds(inPrincipal, &ocreds, outCredCacheName);
if (ret == 0) {
time_t t = time(NULL);
/* consinder tickets that are slightly too young as valid
* since might just have fetched them */
*outFoundValidTickets =
(ocreds->times.starttime - 10 < t)
&& (t < ocreds->times.endtime);
if (outPrincipal)
(void)heim_krb5_copy_principal(milcontext, ocreds->client, outPrincipal);
heim_krb5_free_creds(milcontext, ocreds);
} else {
LOG_FAILURE(ret, "fetch tickets failed");
ret = 0;
*outFoundValidTickets = 0;
}
return LOG_FAILURE(ret, "KLCacheHasValidTickets");
}
