kim_error kim_identity_copy (kim_identity *out_identity,
kim_identity in_identity)
{
kim_error err = KIM_NO_ERROR;
kim_identity identity = KIM_IDENTITY_ANY;
if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && in_identity != KIM_IDENTITY_ANY) {
err = kim_identity_allocate (&identity);
if (!err) {
err = krb5_error (in_identity->context,
krb5_copy_context (in_identity->context,
&identity->context));
}
if (!err) {
err = krb5_error (identity->context,
krb5_copy_principal (identity->context,
in_identity->principal,
&identity->principal));
}
}
if (!err) {
*out_identity = identity;
identity = NULL;
}
kim_identity_free (&identity);
return check_error (err);
}
kim_error kim_ui_plugin_init (kim_ui_context *io_context)
{
kim_error err = KIM_NO_ERROR;
kim_ui_plugin_context context = NULL;
if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_ui_plugin_context_allocate (&context);
}
if (!err) {
PLUGIN_DIR_INIT(&context->plugins);
err = krb5_error (context->kcontext,
krb5int_open_plugin_dirs (kim_ui_plugin_dirs,
kim_ui_plugin_files,
&context->plugins,
&context->kcontext->err));
}
if (!err) {
err = krb5_error (context->kcontext,
krb5int_get_plugin_dir_data (&context->plugins,
"kim_ui_0",
&context->ftables,
&context->kcontext->err));
}
if (!err && context->ftables) {
int i;
for (i = 0; context->ftables[i]; i++) {
struct kim_ui_plugin_ftable_v0 *ftable = context->ftables[i];
context->plugin_context = NULL;
err = ftable->init (&context->plugin_context);
if (!err) {
context->ftable = ftable;
break; /* use first plugin that initializes correctly */
}
err = KIM_NO_ERROR; /* ignore failed plugins */
}
}
if (!err && !context->ftable) {
err = check_error (KRB5_PLUGIN_NO_HANDLE);
}
if (!err) {
io_context->tcontext = context;
context = NULL;
}
kim_ui_plugin_context_free (&context);
return check_error (err);
}
static kim_error kim_ui_plugin_context_allocate (kim_ui_plugin_context *out_context)
{
kim_error err = KIM_NO_ERROR;
kim_ui_plugin_context context = NULL;
if (!err && !out_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
context = malloc (sizeof (*context));
if (!context) { err = KIM_OUT_OF_MEMORY_ERR; }
}
if (!err) {
err = krb5_error (NULL, krb5_init_context (&context->kcontext));
}
if (!err) {
PLUGIN_DIR_INIT(&context->plugins);
context->ftable = NULL;
context->ftables = NULL;
context->plugin_context = NULL;
*out_context = context;
context = NULL;
}
kim_ui_plugin_context_free (&context);
return check_error (err);
}
krb5_get_init_creds_opt *kim_options_init_cred_options (kim_options in_options)
{
kim_error err = KIM_NO_ERROR;
krb5_address **addresses = NULL;
if (!err && !in_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_options->init_cred_context) {
err = krb5_error (NULL,
krb5_init_context (&in_options->init_cred_context));
}
if (!err && !in_options->addressless) {
err = krb5_error (in_options->init_cred_context,
krb5_os_localaddr (in_options->init_cred_context,
&addresses));
}
if (!err && !in_options->init_cred_options) {
err = krb5_error (in_options->init_cred_context,
krb5_get_init_creds_opt_alloc (in_options->init_cred_context,
&in_options->init_cred_options));
}
if (!err) {
krb5_get_init_creds_opt_set_tkt_life (in_options->init_cred_options,
in_options->lifetime);
if (in_options->renewal_lifetime || in_options->renewable)
krb5_get_init_creds_opt_set_renew_life (in_options->init_cred_options,
in_options->renewal_lifetime);
krb5_get_init_creds_opt_set_forwardable (in_options->init_cred_options,
in_options->forwardable);
krb5_get_init_creds_opt_set_proxiable (in_options->init_cred_options,
in_options->proxiable);
krb5_get_init_creds_opt_set_address_list (in_options->init_cred_options,
addresses);
addresses = NULL;
}
if (addresses) { krb5_free_addresses (in_options->init_cred_context,
addresses); }
return !check_error (err) ? in_options->init_cred_options : NULL;
}
kim_error kim_identity_create_from_components (kim_identity *out_identity,
kim_string in_realm,
kim_string in_1st_component,
...)
{
kim_error err = KIM_NO_ERROR;
kim_identity identity = NULL;
if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_realm ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_1st_component) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_identity_allocate (&identity);
}
if (!err) {
err = krb5_error (NULL, krb5_init_context (&identity->context));
}
if (!err) {
va_list args;
va_start (args, in_1st_component);
err = krb5_error (identity->context,
krb5int_build_principal_alloc_va (identity->context,
&identity->principal,
strlen(in_realm),
in_realm,
in_1st_component,
args));
va_end (args);
}
if (!err) {
*out_identity = identity;
identity = NULL;
}
kim_identity_free (&identity);
return check_error (err);
}
kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity,
krb5_context in_krb5_context,
krb5_principal in_krb5_principal)
{
kim_error err = KIM_NO_ERROR;
kim_identity identity = NULL;
if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_krb5_principal) { err = check_error (KIM_NULL_PARAMETER_ERR); }
/* KLCreatePrincipalFromKerberos5Principal passes NULL in_krb5_context */
if (!err) {
err = kim_identity_allocate (&identity);
}
if (!err) {
if (in_krb5_context) {
err = krb5_error (in_krb5_context,
krb5_copy_context (in_krb5_context,
&identity->context));
} else {
err = krb5_error (NULL,
krb5_init_context (&identity->context));
}
}
if (!err) {
err = krb5_error (identity->context,
krb5_copy_principal (identity->context,
in_krb5_principal,
&identity->principal));
}
if (!err) {
*out_identity = identity;
identity = NULL;
}
kim_identity_free (&identity);
return check_error (err);
}
kim_error kim_identity_create_from_string (kim_identity *out_identity,
kim_string in_string)
{
kim_error err = KIM_NO_ERROR;
kim_identity identity = NULL;
if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_identity_allocate (&identity);
}
if (!err) {
err = krb5_error (NULL, krb5_init_context (&identity->context));
}
if (!err) {
krb5_error_code code = krb5_parse_name (identity->context, in_string, &identity->principal);
if (code == KRB5_PARSE_MALFORMED) {
err = kim_error_set_message_for_code (KIM_BAD_PRINCIPAL_STRING_ERR,
in_string);
} else if (code) {
err = krb5_error (identity->context, code);
}
}
if (!err) {
*out_identity = identity;
identity = NULL;
}
if (identity) { kim_identity_free (&identity); }
return check_error (err);
}
kim_error kim_identity_get_krb5_principal (kim_identity in_identity,
krb5_context in_krb5_context,
krb5_principal *out_krb5_principal)
{
kim_error err = KIM_NO_ERROR;
if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_krb5_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !out_krb5_principal) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = krb5_error (in_krb5_context,
krb5_copy_principal (in_krb5_context,
in_identity->principal,
out_krb5_principal));
}
return check_error (err);
}
kim_error kim_identity_get_string (kim_identity in_identity,
kim_string *out_string)
{
kim_error err = KIM_NO_ERROR;
char *unparsed_name = NULL;
if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !out_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = krb5_error (in_identity->context,
krb5_unparse_name (in_identity->context,
in_identity->principal,
&unparsed_name));
}
if (!err) {
err = kim_string_copy (out_string, unparsed_name);
}
if (unparsed_name) { krb5_free_unparsed_name (in_identity->context, unparsed_name); }
return check_error (err);
}
kim_error kim_identity_change_password_with_credential (kim_identity in_identity,
kim_credential in_credential,
kim_string in_new_password,
kim_ui_context *in_ui_context,
kim_error *out_rejected_err,
kim_string *out_rejected_message,
kim_string *out_rejected_description)
{
kim_error err = KIM_NO_ERROR;
krb5_creds *creds = NULL;
int rejected_err = 0;
krb5_data message_data;
krb5_data description_data;
if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_credential ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_new_password ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_ui_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !out_rejected_err) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_credential_get_krb5_creds (in_credential,
in_identity->context,
&creds);
}
if (!err) {
if (krb5_principal_compare (in_identity->context,
in_identity->principal,
creds->client)) {
/* Same principal, change the password normally */
err = krb5_error (in_identity->context,
krb5_change_password (in_identity->context,
creds,
(char *) in_new_password,
&rejected_err,
&message_data,
&description_data));
} else {
/* Different principal, use set change password protocol */
err = krb5_error (in_identity->context,
krb5_set_password (in_identity->context,
creds,
(char *) in_new_password,
in_identity->principal,
&rejected_err,
&message_data,
&description_data));
}
}
if (!err && rejected_err) {
kim_string rejected_message = NULL;
kim_string rejected_description = NULL;
if (message_data.data && message_data.length > 0) {
err = kim_string_create_from_buffer (&rejected_message,
message_data.data,
message_data.length);
} else {
err = kim_os_string_create_localized (&rejected_message,
"Kerberos Change Password Failed:");
}
if (!err) {
if (description_data.data && description_data.length > 0) {
err = kim_string_create_from_buffer (&rejected_description,
description_data.data,
description_data.length);
} else {
err = kim_os_string_create_localized (&rejected_description,
"New password rejected.");
}
}
if (!err && in_ui_context->type != kim_ui_type_cli) {
char *c;
// replace all \n and \r characters with spaces
for (c = (char *) rejected_message; *c != '\0'; c++) {
if ((*c == '\n') || (*c == '\r')) { *c = ' '; }
}
for (c = (char *) rejected_description; *c != '\0'; c++) {
if ((*c == '\n') || (*c == '\r')) { *c = ' '; }
}
}
if (!err) {
if (out_rejected_message) {
*out_rejected_message = rejected_message;
rejected_message = NULL;
}
if (out_rejected_description) {
*out_rejected_description = rejected_description;
rejected_description = NULL;
}
}
kim_string_free (&rejected_message);
kim_string_free (&rejected_description);
krb5_free_data_contents (in_identity->context, &message_data);
krb5_free_data_contents (in_identity->context, &description_data);
}
if (!err) {
/* do this after reporting errors so we don't double report rejection */
*out_rejected_err = rejected_err;
}
if (creds) { krb5_free_creds (in_identity->context, creds); }
return check_error (err);
}