static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
{
krb5_error_code result = 0;
cc_context_t cc_context = NULL;
cc_string_t default_name = NULL;
cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
if (ccerr == ccNoError) {
ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
}
if (ccerr == ccNoError) {
if (strlen (default_name -> data) + 5 > name_size) {
result = ENOMEM;
goto cleanup;
} else {
snprintf (name_buf, name_size, "API:%s",
default_name -> data);
}
}
cleanup:
if (cc_context != NULL) {
cc_context_release (cc_context);
}
if (default_name != NULL) {
cc_string_release (default_name);
}
return result;
}
int KRB5_CALLCONV
krb_in_tkt (
char* pname,
char* pinst,
char* realm)
{
char principal [MAX_K_NAME_SZ + 1];
cc_int32 err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (err == ccNoError) {
sprintf (principal, "%s%s%s@%s", pname, (pinst [0] == '\0') ? "" : ".", pinst, realm);
}
if (err == ccNoError) {
err = cc_context_create_ccache (cc_context, TKT_FILE, cc_credentials_v4, principal, &ccache);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (err != ccNoError)
return KFAILURE;
else
return KSUCCESS;
}
/*
* Destroy credentials file
*
* Implementation in dest_tkt.c
*/
int KRB5_CALLCONV
dest_tkt (void)
{
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
cc_ccache_destroy (ccache);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (cc_err != ccNoError)
return RET_TKFIL;
else
return KSUCCESS;
}
/*
* Deletion from credentials file
*/
int KRB5_CALLCONV
krb_delete_cred (
char* sname,
char* sinstance,
char* srealm)
{
cc_credentials_t theCreds = NULL;
cc_credentials_iterator_t iterator = NULL;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
}
if (cc_err == ccNoError) {
for (;;) {
/* get next creds */
cc_err = cc_credentials_iterator_next (iterator, &theCreds);
if (cc_err != ccNoError) {
break;
}
if ((theCreds -> data -> version == cc_credentials_v4) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> service, sname) == 0) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, sinstance) == 0) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, srealm) == 0)) {
cc_ccache_remove_credentials (ccache, theCreds);
cc_credentials_release (theCreds);
break;
}
cc_credentials_release (theCreds);
}
}
if (iterator != NULL)
cc_credentials_iterator_release (iterator);
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (cc_err != ccNoError)
return KFAILURE;
else
return KSUCCESS;
}
static krb5_error_code stdcc_setup(krb5_context context,
stdccCacheDataPtr ccapi_data)
{
int err;
/* make sure the API has been intialized */
if (gCntrlBlock == NULL) {
#ifdef CC_API_VER2
err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
#else
err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL);
#endif
if (err != CC_NOERROR)
return cc_err_xlate(err);
}
/*
* No ccapi_data structure, so we don't need to make sure the
* ccache exists.
*/
if (!ccapi_data)
return 0;
/*
* The ccache already exists
*/
if (ccapi_data->NamedCache)
return 0;
err = cc_open(gCntrlBlock, ccapi_data->cache_name,
CC_CRED_V5, 0L, &ccapi_data->NamedCache);
if (err == CC_NOTFOUND)
err = CC_NO_EXIST;
if (err == CC_NOERROR)
return 0;
ccapi_data->NamedCache = NULL;
return cc_err_xlate(err);
}
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
(krb5_context context)
{
krb5_error_code err = 0;
if (!err && !gCntrlBlock) {
err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
}
if (!err) {
err = cc_context_unlock(gCntrlBlock);
}
return cc_err_xlate(err);
}
/*
* Destroy all credential caches
*
* Implementation in memcache.c
*/
int KRB5_CALLCONV
dest_all_tkts (void)
{
int count = 0;
cc_ccache_iterator_t iterator = NULL;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_new_ccache_iterator (cc_context, &iterator);
}
if (cc_err == ccNoError) {
for (;;) {
/* get next ccache */
cc_err = cc_ccache_iterator_next (iterator, &ccache);
if (cc_err != ccNoError)
break;
cc_ccache_destroy (ccache);
count++;
}
}
if (iterator != NULL)
cc_credentials_iterator_release (iterator);
if (cc_context != NULL)
cc_context_release (cc_context);
if ((cc_err == ccIteratorEnd) && (count == 0)) {
/* first time, nothing to destroy */
return KFAILURE;
} else {
if (cc_err == ccIteratorEnd) {
/* done */
return KSUCCESS;
} else {
/* error */
return KFAILURE;
}
}
}
/*
* Number of credentials in credentials cache
*/
int KRB5_CALLCONV
krb_get_num_cred (void)
{
cc_credentials_t theCreds = NULL;
int count = 0;
cc_credentials_iterator_t iterator = NULL;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
}
if (cc_err == ccNoError) {
for (;;) {
/* get next creds */
cc_err = cc_credentials_iterator_next (iterator, &theCreds);
if (cc_err != ccNoError)
break;
if (theCreds -> data -> version == cc_credentials_v4)
count++;
cc_credentials_release (theCreds);
}
}
if (iterator != NULL)
cc_credentials_iterator_release (iterator);
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (cc_err != ccNoError)
return 0;
else
return count;
}
/*
* Credentials file -> realm mapping
*
* Determine the realm by opening the named cache and parsing realm from the principal
*/
int KRB5_CALLCONV
krb_get_tf_realm (
const char* ticket_file,
char* realm)
{
cc_string_t principal;
char pname [ANAME_SZ];
char pinst [INST_SZ];
char prealm [REALM_SZ];
int kerr = KSUCCESS;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version = 0;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
/* found cache. get princiapl and parse it */
kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data);
cc_string_release (principal);
}
if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
strcpy (realm, prealm);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return GC_NOTKT;
else
return KSUCCESS;
}
/*
* Credentials file -> name, instance, realm mapping
*/
int KRB5_CALLCONV
krb_get_tf_fullname (
const char* ticket_file,
char* name,
char* instance,
char* realm)
{
cc_string_t principal;
int kerr = KSUCCESS;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
}
if (cc_err == ccNoError) {
/* found cache. get principal and parse it */
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
kerr = kname_parse (name, instance, realm, (char*) principal -> data);
cc_string_release (principal);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return GC_NOTKT;
else
return KSUCCESS;
}
static krb5_error_code stdccv3_setup (krb5_context context,
stdccCacheDataPtr ccapi_data)
{
krb5_error_code err = 0;
if (!err && !gCntrlBlock) {
err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
}
if (!err && ccapi_data && !ccapi_data->NamedCache) {
/* ccache has not been opened yet. open it. */
err = cc_context_open_ccache (gCntrlBlock, ccapi_data->cache_name,
&ccapi_data->NamedCache);
}
if (!err && ccapi_data && ccapi_data->NamedCache) {
err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
}
return err; /* Don't translate. Callers will translate for us */
}
static void
UpdateDefaultCache (void)
{
cc_string_t name;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_get_default_ccache_name (cc_context, &name);
}
if (cc_err == ccNoError) {
krb_set_tkt_string ((char*) name -> data);
cc_string_release (name);
}
if (cc_context != NULL)
cc_context_release (cc_context);
}
/*+*************************************************************************
**
** Fill_combo
**
** Fills the combo box with the contents of the host list. Item 0 goes
** into the edit portion and the rest go into the libt box.
**
***************************************************************************/
static void
fill_combo (HWND hDlg) {
int i; // Index
char buff[256];
#ifdef USE_LEASH
krb5_error_code retval;
apiCB * cc_ctx = 0;
struct _infoNC ** pNCi = 0;
#endif
SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_RESETCONTENT, 0, 0);
SetDlgItemText(hDlg, GSS_HOST_NAME, szHost);
SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_SETEDITSEL, 0, 0);
for (i = 1; i < MAX_SAVED; ++i) { // Fill in the list box
if (*hosts[i] == '\0')
break;
SendDlgItemMessage(hDlg, GSS_HOST_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) hosts[i]));
}
SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_RESETCONTENT, 0, 0);
SetDlgItemText(hDlg, GSS_SERVICE_NAME, szService);
SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_SETEDITSEL, 0, 0);
for (i = 1; i < MAX_SAVED; ++i) { // Fill in the list box
if (*svcs[i] == '\0')
break;
SendDlgItemMessage(hDlg, GSS_SERVICE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) svcs[i]));
}
SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_RESETCONTENT, 0, 0);
SetDlgItemText(hDlg, GSS_MECHANISM, szMech);
SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_SETEDITSEL, 0, 0);
for (i = 1; i < MAX_SAVED; ++i) { // Fill in the list box
if (*mechs[i] == '\0')
break;
SendDlgItemMessage(hDlg, GSS_MECHANISM, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) mechs[i]));
}
SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_RESETCONTENT, 0, 0);
SetDlgItemText(hDlg, GSS_CCACHE_NAME, szCCache);
SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_SETEDITSEL, 0, 0);
#ifdef USE_LEASH
retval = cc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL);
if (retval)
goto skip_ccache;
retval = cc_get_NC_info(cc_ctx, &pNCi);
if (retval)
goto clean_ccache;
for ( i=0; pNCi[i]; i++ ) {
if (pNCi[i]->vers == CC_CRED_V5) {
sprintf(buff,"API:%s",pNCi[i]->name);
SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) buff));
}
}
clean_ccache:
if (pNCi)
cc_free_NC_info(cc_ctx, &pNCi);
if (cc_ctx)
cc_shutdown(&cc_ctx);
skip_ccache:
#endif /* USE_LEASH */
if ( szCCache[0] )
SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) szCCache));
SendDlgItemMessage(hDlg, GSS_CCACHE_NAME, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) "MSLSA:"));
SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_RESETCONTENT, 0, 0);
SetDlgItemText(hDlg, GSS_MESSAGE, szMessage);
SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_SETEDITSEL, 0, 0);
for (i = 1; i < MAX_SAVED; ++i) { // Fill in the list box
if (*msgs[i] == '\0')
break;
SendDlgItemMessage(hDlg, GSS_MESSAGE, CB_ADDSTRING, 0, (LPARAM) ((LPSTR) msgs[i]));
}
wsprintf(buff, "%d", port);
SetDlgItemText(hDlg, GSS_PORT, buff);
CheckDlgButton(hDlg, GSS_VERBOSE, verbose);
CheckDlgButton(hDlg, GSS_DELEGATION, delegate);
CheckDlgButton(hDlg, GSS_MUTUAL, mutual);
CheckDlgButton(hDlg, GSS_REPLAY, replay);
CheckDlgButton(hDlg, GSS_SEQUENCE, sequence);
CheckDlgButton(hDlg, GSS_VERSION_ONE, gssv1);
CheckDlgButton(hDlg, GSS_NO_AUTH, noauth);
CheckDlgButton(hDlg, GSS_NO_WRAP, nowrap);
CheckDlgButton(hDlg, GSS_NO_ENCRYPT, nocrypt);
CheckDlgButton(hDlg, GSS_NO_MIC, nomic);
if ( noauth ) {
// disable the other no_xxx options
EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), FALSE);
EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), FALSE);
EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), FALSE);
} else {
// enable the other no_xxx options
EnableWindow(GetDlgItem(hDlg, GSS_NO_WRAP), TRUE);
EnableWindow(GetDlgItem(hDlg, GSS_NO_ENCRYPT), TRUE);
EnableWindow(GetDlgItem(hDlg, GSS_NO_MIC), TRUE);
}
SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETRANGEMIN, (WPARAM) FALSE, (LPARAM) 1);
SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETRANGEMAX, (WPARAM) FALSE, (LPARAM) 20);
SendDlgItemMessage(hDlg, GSS_CALL_COUNT, TBM_SETPOS, (WPARAM) FALSE, (LPARAM) ccount);
sprintf(buff,"Call Count: %d",ccount);
SetWindowText(GetDlgItem(hDialog, IDC_STATIC_CCOUNT),buff);
SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETRANGEMIN, (WPARAM) FALSE, (LPARAM) 1);
SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETRANGEMAX, (WPARAM) FALSE, (LPARAM) 20);
SendDlgItemMessage(hDlg, GSS_MESSAGE_COUNT, TBM_SETPOS, (WPARAM) FALSE, (LPARAM) mcount);
sprintf(buff,"Message Count: %d",mcount);
SetWindowText(GetDlgItem(hDialog, IDC_STATIC_MSG_COUNT),buff);
}
/*
* Retrieval from credentials cache
*/
int KRB5_CALLCONV
krb_get_cred (
char* service,
char* instance,
char* realm,
CREDENTIALS* creds)
{
int kerr = KSUCCESS;
cc_int32 cc_err = ccNoError;
cc_credentials_t theCreds = NULL;
cc_credentials_iterator_t iterator = NULL;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
#ifdef USE_LOGIN_LIBRARY
// If we are requesting a tgt, prompt for it
if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
OSStatus err;
char *cacheName;
KLPrincipal outPrincipal;
err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL,
&outPrincipal, &cacheName);
if (err == klNoErr) {
krb_set_tkt_string (cacheName); // Tickets for the krb4 principal went here
KLDisposeString (cacheName);
KLDisposePrincipal (outPrincipal);
} else {
return GC_NOTKT;
}
}
#endif /* USE_LOGIN_LIBRARY */
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
}
if (cc_err == ccNoError) {
for (;;) {
/* get next creds */
cc_err = cc_credentials_iterator_next (iterator, &theCreds);
if (cc_err == ccIteratorEnd) {
kerr = GC_NOTKT;
break;
}
if (cc_err != ccNoError) {
kerr = KFAILURE;
break;
}
/* version, service, instance, realm check */
if ((theCreds -> data -> version == cc_credentials_v4) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) &&
(strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) {
/* Match! */
strcpy (creds -> service, service);
strcpy (creds -> instance, instance);
strcpy (creds -> realm, realm);
memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block));
creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime;
creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno;
creds -> ticket_st.length = theCreds -> data -> credentials.credentials_v4 -> ticket_size;
memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, creds -> ticket_st.length);
creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date;
strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal);
strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance);
creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type;
cc_credentials_release (theCreds);
kerr = KSUCCESS;
break;
} else {
cc_credentials_release (theCreds);
}
}
}
if (iterator != NULL)
cc_credentials_iterator_release (iterator);
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return GC_NOTKT;
else
return KSUCCESS;
}
/*
* Store a ticket into the default credentials cache
* cache must exist (if it didn't exist, it would have been created by in_tkt)
*/
int
krb4int_save_credentials_addr(
char* service,
char* instance,
char* realm,
C_Block session,
int lifetime,
int kvno,
KTEXT ticket,
KRB4_32 issue_date,
KRB_UINT32 local_address)
{
cc_int32 cc_err = ccNoError;
int kerr = KSUCCESS;
cc_credentials_v4_t v4creds;
cc_credentials_union creds;
cc_ccache_t ccache = NULL;
cc_string_t principal;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
/* First try existing cache */
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
/* Now we have a cache. Fill out the credentials and put them in the cache. */
/* To fill out the credentials, we need the principal */
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data);
cc_string_release (principal);
}
if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
strncpy (v4creds.service, service, SNAME_SZ);
strncpy (v4creds.service_instance, instance, INST_SZ);
strncpy (v4creds.realm, realm, REALM_SZ);
memmove (v4creds.session_key, session, sizeof (C_Block));
v4creds.kvno = kvno;
v4creds.string_to_key_type = cc_v4_stk_unknown;
v4creds.issue_date = issue_date;
v4creds.address = local_address;
v4creds.lifetime = lifetime;
v4creds.ticket_size = ticket -> length;
memmove (v4creds.ticket, ticket -> dat, ticket -> length);
creds.version = cc_credentials_v4;
creds.credentials.credentials_v4 = &v4creds;
cc_err = cc_ccache_store_credentials (ccache, &creds);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return KFAILURE;
else
return KSUCCESS;
}
/*
* Retrieval from credentials file
* This function is _not_!! well-defined under CCache API, because
* there is no guarantee about order of credentials remaining the same.
*/
int KRB5_CALLCONV
krb_get_nth_cred (
char* sname,
char* sinstance,
char* srealm,
int n)
{
cc_credentials_t theCreds = NULL;
int count = 0;
cc_credentials_iterator_t iterator = NULL;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
if (n < 1)
return KFAILURE;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator);
}
if (cc_err == ccNoError) {
for (count = 0; count < n;) {
/* get next creds */
cc_err = cc_credentials_iterator_next (iterator, &theCreds);
if (cc_err != ccNoError)
break;
if (theCreds -> data -> version == cc_credentials_v4)
count++;
if (count < n - 1)
cc_credentials_release (theCreds);
}
}
if (cc_err == ccNoError) {
strcpy (sname, theCreds -> data -> credentials.credentials_v4 -> service);
strcpy (sinstance, theCreds -> data -> credentials.credentials_v4 -> service_instance);
strcpy (srealm, theCreds -> data -> credentials.credentials_v4 -> realm);
}
if (theCreds != NULL)
cc_credentials_release (theCreds);
if (iterator != NULL)
cc_credentials_iterator_release (iterator);
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (cc_err != ccNoError)
return KFAILURE;
else
return KSUCCESS;
}
int check_cc_ccache_iterator_next(void) {
cc_int32 err = 0;
cc_context_t context = NULL;
cc_ccache_t ccache = NULL;
cc_ccache_iterator_t iterator = NULL;
unsigned int i;
BEGIN_TEST("cc_ccache_iterator_next");
err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
if (!err) {
err = destroy_all_ccaches(context);
}
// iterate with no ccaches
if (!err) {
err = cc_context_new_ccache_iterator(context, &iterator);
}
check_once_cc_ccache_iterator_next(iterator, 0, ccNoError, "iterating over an empty collection");
if (iterator) {
cc_ccache_iterator_release(iterator);
iterator = NULL;
}
// iterate with one ccache
if (!err) {
destroy_all_ccaches(context);
err = cc_context_create_new_ccache(context, cc_credentials_v5, "*****@*****.**", &ccache);
}
if (ccache) {
cc_ccache_release(ccache);
ccache = NULL;
}
if (!err) {
err = cc_context_new_ccache_iterator(context, &iterator);
}
check_once_cc_ccache_iterator_next(iterator, 1, ccNoError, "iterating over a collection of 1 ccache");
if (iterator) {
cc_ccache_iterator_release(iterator);
iterator = NULL;
}
// iterate with several ccaches
if (!err) {
destroy_all_ccaches(context);
}
for(i = 0; !err && (i < 1000); i++)
{
if (i%100 == 0) fprintf(stdout, ".");
err = cc_context_create_new_ccache(context, cc_credentials_v5, "*****@*****.**", &ccache);
if (ccache) {
cc_ccache_release(ccache);
ccache = NULL;
}
}
if (!err) {
err = cc_context_new_ccache_iterator(context, &iterator);
}
check_once_cc_ccache_iterator_next(iterator, 1000, ccNoError, "iterating over a collection of 1000 ccache");
if (iterator) {
cc_ccache_iterator_release(iterator);
iterator = NULL;
}
if (ccache) { cc_ccache_release(ccache); }
if (iterator) { cc_ccache_iterator_release(iterator); }
if (context) {
destroy_all_ccaches(context);
cc_context_release(context);
}
END_TEST_AND_RETURN
}
void main(void)
{
// XXX (3) - infoNC not properly filled out when returned.
infoNC** allCacheInfo = 0; // XXX (2) - bug in krbcc32
infoNC* cacheInfo;
ccache_p* theCache = 0;
ccache_cit* iterator = 0;
cred_union* theCreds = 0;
cc_uint32 err;
unsigned long index;
apiCB* context = 0; // XXX (1) - bug in krbcc32
cc_int32 version;
printf ("Dumping all credential caches... (times are in GMT)\n");
err = cc_initialize (&context, CC_API_VER_2, &version, NULL); // XXX (1)
if (err != CC_NOERROR) {
printf ("*** cc_initialize returned %d ***\n", err);
return;
}
err = cc_get_NC_info (context, &allCacheInfo); // XXX (2) - another bug
if (err != CC_NOERROR) {
printf ("*** cc_get_NC_info returned %d ***\n", err);
return;
}
for (index = 0; allCacheInfo [index] != 0; index++) {
cacheInfo = allCacheInfo [index];
switch (cacheInfo->vers) {
case CC_CRED_V4:
printf ("\tv4 credentials\n");
break;
case CC_CRED_V5:
printf ("\tv5 credentials\n");
break;
default:
printf ("\t*** bogus credentials type %d***\n", cacheInfo->vers);
continue;
}
printf ("\tfor %s\n\tin %s\n", cacheInfo->principal, cacheInfo->name);
err = cc_open (context, cacheInfo->name, cacheInfo->vers, 0L,
&theCache);
if (err != CC_NOERROR) {
printf ("\t*** cc_open returned %d ***\n", err);
continue;
}
err = cc_seq_fetch_creds_begin (context, theCache, &iterator);
if (err != CC_NOERROR) {
printf ("\t*** cc_seq_fetch_creds_begin returned %d ***\n", err);
continue;
}
for (;;) {
err = cc_seq_fetch_creds_next (context,
&theCreds, iterator);
if (err == CC_END)
break;
if (err != CC_NOERROR) {
printf ("\t\t*** seq_fetch_creds returned %d ***\n", err);
continue;
}
switch (theCreds->cred_type) {
case CC_CRED_V4: {
char start [26];
char end [26];
printf ("\t\t%s - %s: %s.%s@%s\n",
datestring (start,
theCreds->cred.pV4Cred->issue_date),
datestring (end,
theCreds->cred.pV4Cred->issue_date +
theCreds->cred.pV4Cred->lifetime * 5 * 60),
theCreds->cred.pV4Cred->service,
theCreds->cred.pV4Cred->service_instance,
theCreds->cred.pV4Cred->realm);
break;
}
case CC_CRED_V5: {
char start [26];
char end [26];
printf ("\t\t%s - %s: %s\n",
datestring (start, theCreds->cred.pV5Cred->starttime),
datestring (end, theCreds->cred.pV5Cred->endtime),
theCreds->cred.pV5Cred->server);
break;
}
}
cc_free_creds (context, &theCreds);
}
cc_seq_fetch_creds_end (context, &iterator);
cc_close (context, &theCache);
printf ("\n");
}
cc_free_NC_info (context, &allCacheInfo);
cc_shutdown (&context);
}
