/* get_principal
*
* - return the principal associated with the named cache
*/
krb5_error_code KRB5_CALLCONV
krb5_stdccv3_get_principal (krb5_context context,
krb5_ccache id ,
krb5_principal *princ)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_string_t name = NULL;
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
if (!err) {
err = cc_ccache_get_principal (ccapi_data->NamedCache, cc_credentials_v5, &name);
}
if (!err) {
err = krb5_parse_name (context, name->data, princ);
}
if (name) { cc_string_release (name); }
return cc_err_xlate (err);
}
static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
{
krb5_error_code result = 0;
cc_context_t cc_context = NULL;
cc_string_t default_name = NULL;
cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
if (ccerr == ccNoError) {
ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
}
if (ccerr == ccNoError) {
if (strlen (default_name -> data) + 5 > name_size) {
result = ENOMEM;
goto cleanup;
} else {
snprintf (name_buf, name_size, "API:%s",
default_name -> data);
}
}
cleanup:
if (cc_context != NULL) {
cc_context_release (cc_context);
}
if (default_name != NULL) {
cc_string_release (default_name);
}
return result;
}
/*
* Credentials file -> realm mapping
*
* Determine the realm by opening the named cache and parsing realm from the principal
*/
int KRB5_CALLCONV
krb_get_tf_realm (
const char* ticket_file,
char* realm)
{
cc_string_t principal;
char pname [ANAME_SZ];
char pinst [INST_SZ];
char prealm [REALM_SZ];
int kerr = KSUCCESS;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version = 0;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
}
if (cc_err == ccNoError) {
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
/* found cache. get princiapl and parse it */
kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data);
cc_string_release (principal);
}
if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
strcpy (realm, prealm);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return GC_NOTKT;
else
return KSUCCESS;
}
/*
* Credentials file -> name, instance, realm mapping
*/
int KRB5_CALLCONV
krb_get_tf_fullname (
const char* ticket_file,
char* name,
char* instance,
char* realm)
{
cc_string_t principal;
int kerr = KSUCCESS;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_ccache_t ccache = NULL;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache);
}
if (cc_err == ccNoError) {
/* found cache. get principal and parse it */
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
kerr = kname_parse (name, instance, realm, (char*) principal -> data);
cc_string_release (principal);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return GC_NOTKT;
else
return KSUCCESS;
}
static void
UpdateDefaultCache (void)
{
cc_string_t name;
cc_int32 cc_err = ccNoError;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
cc_err = cc_context_get_default_ccache_name (cc_context, &name);
}
if (cc_err == ccNoError) {
krb_set_tkt_string ((char*) name -> data);
cc_string_release (name);
}
if (cc_context != NULL)
cc_context_release (cc_context);
}
krb5_error_code KRB5_CALLCONV
krb5_stdccv3_ptcursor_next(
krb5_context context,
krb5_cc_ptcursor cursor,
krb5_ccache *ccache)
{
krb5_error_code err = 0;
cc_ccache_iterator_t iterator = NULL;
krb5_ccache newCache = NULL;
stdccCacheDataPtr ccapi_data = NULL;
cc_ccache_t ccCache = NULL;
cc_string_t ccstring = NULL;
char *name = NULL;
if (!cursor || !cursor->data) {
err = ccErrInvalidContext;
}
*ccache = NULL;
if (!err) {
newCache = (krb5_ccache) malloc (sizeof (*newCache));
if (!newCache) { err = KRB5_CC_NOMEM; }
}
if (!err) {
ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
if (!ccapi_data) { err = KRB5_CC_NOMEM; }
}
if (!err) {
iterator = cursor->data;
err = cc_ccache_iterator_next(iterator, &ccCache);
}
if (!err) {
err = cc_ccache_get_name (ccCache, &ccstring);
}
if (!err) {
name = strdup (ccstring->data);
if (!name) { err = KRB5_CC_NOMEM; }
}
if (!err) {
ccapi_data->cache_name = name;
name = NULL; /* take ownership */
ccapi_data->NamedCache = ccCache;
ccCache = NULL; /* take ownership */
newCache->ops = &krb5_cc_stdcc_ops;
newCache->data = ccapi_data;
ccapi_data = NULL; /* take ownership */
/* return a pointer to the new cache */
*ccache = newCache;
newCache = NULL;
}
if (name) { free (name); }
if (ccstring) { cc_string_release (ccstring); }
if (ccCache) { cc_ccache_release (ccCache); }
if (ccapi_data) { free (ccapi_data); }
if (newCache) { free (newCache); }
if (err == ccIteratorEnd) {
err = ccNoError;
}
return err;
}
/*
* -- generate_new --------------------------------
*
* create a new cache with a unique name, corresponds to creating a
* named cache initialize the API here if we have to.
*/
krb5_error_code KRB5_CALLCONV
krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
{
krb5_error_code err = 0;
krb5_ccache newCache = NULL;
stdccCacheDataPtr ccapi_data = NULL;
cc_ccache_t ccache = NULL;
cc_string_t ccstring = NULL;
char *name = NULL;
if (!err) {
err = stdccv3_setup(context, NULL);
}
if (!err) {
newCache = (krb5_ccache) malloc (sizeof (*newCache));
if (!newCache) { err = KRB5_CC_NOMEM; }
}
if (!err) {
ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
if (!ccapi_data) { err = KRB5_CC_NOMEM; }
}
if (!err) {
err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
&ccache);
}
if (!err) {
err = stdccv3_set_timeoffset (context, ccache);
}
if (!err) {
err = cc_ccache_get_name (ccache, &ccstring);
}
if (!err) {
name = strdup (ccstring->data);
if (!name) { err = KRB5_CC_NOMEM; }
}
if (!err) {
ccapi_data->cache_name = name;
name = NULL; /* take ownership */
ccapi_data->NamedCache = ccache;
ccache = NULL; /* take ownership */
newCache->ops = &krb5_cc_stdcc_ops;
newCache->data = ccapi_data;
ccapi_data = NULL; /* take ownership */
/* return a pointer to the new cache */
*id = newCache;
newCache = NULL;
}
if (ccstring) { cc_string_release (ccstring); }
if (name) { free (name); }
if (ccache) { cc_ccache_release (ccache); }
if (ccapi_data) { free (ccapi_data); }
if (newCache) { free (newCache); }
return cc_err_xlate (err);
}
/*
* resolve
*
* create a new cache with the name stored in residual
*/
krb5_error_code KRB5_CALLCONV
krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual )
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = NULL;
krb5_ccache ccache = NULL;
char *name = NULL;
cc_string_t defname = NULL;
if (id == NULL) { err = KRB5_CC_NOMEM; }
if (!err) {
err = stdccv3_setup (context, NULL);
}
if (!err) {
ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
if (!ccapi_data) { err = KRB5_CC_NOMEM; }
}
if (!err) {
ccache = (krb5_ccache ) malloc (sizeof (*ccache));
if (!ccache) { err = KRB5_CC_NOMEM; }
}
if (!err) {
if ((residual == NULL) || (strlen(residual) == 0)) {
err = cc_context_get_default_ccache_name(gCntrlBlock, &defname);
if (defname)
residual = defname->data;
}
}
if (!err) {
name = strdup (residual);
if (!name) { err = KRB5_CC_NOMEM; }
}
if (!err) {
err = cc_context_open_ccache (gCntrlBlock, residual,
&ccapi_data->NamedCache);
if (err == ccErrCCacheNotFound) {
ccapi_data->NamedCache = NULL;
err = 0; /* ccache just doesn't exist yet */
}
}
if (!err) {
ccapi_data->cache_name = name;
name = NULL; /* take ownership */
ccache->ops = &krb5_cc_stdcc_ops;
ccache->data = ccapi_data;
ccapi_data = NULL; /* take ownership */
*id = ccache;
ccache = NULL; /* take ownership */
}
if (ccache) { free (ccache); }
if (ccapi_data) { free (ccapi_data); }
if (name) { free (name); }
if (defname) { cc_string_release(defname); }
return cc_err_xlate (err);
}
/*
* Store a ticket into the default credentials cache
* cache must exist (if it didn't exist, it would have been created by in_tkt)
*/
int
krb4int_save_credentials_addr(
char* service,
char* instance,
char* realm,
C_Block session,
int lifetime,
int kvno,
KTEXT ticket,
KRB4_32 issue_date,
KRB_UINT32 local_address)
{
cc_int32 cc_err = ccNoError;
int kerr = KSUCCESS;
cc_credentials_v4_t v4creds;
cc_credentials_union creds;
cc_ccache_t ccache = NULL;
cc_string_t principal;
cc_context_t cc_context = NULL;
cc_int32 cc_version;
cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL);
if (cc_err == ccNoError) {
/* First try existing cache */
cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache);
}
if (cc_err == ccNoError) {
/* Now we have a cache. Fill out the credentials and put them in the cache. */
/* To fill out the credentials, we need the principal */
cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal);
}
if (cc_err == ccNoError) {
kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data);
cc_string_release (principal);
}
if ((cc_err == ccNoError) && (kerr == KSUCCESS)) {
strncpy (v4creds.service, service, SNAME_SZ);
strncpy (v4creds.service_instance, instance, INST_SZ);
strncpy (v4creds.realm, realm, REALM_SZ);
memmove (v4creds.session_key, session, sizeof (C_Block));
v4creds.kvno = kvno;
v4creds.string_to_key_type = cc_v4_stk_unknown;
v4creds.issue_date = issue_date;
v4creds.address = local_address;
v4creds.lifetime = lifetime;
v4creds.ticket_size = ticket -> length;
memmove (v4creds.ticket, ticket -> dat, ticket -> length);
creds.version = cc_credentials_v4;
creds.credentials.credentials_v4 = &v4creds;
cc_err = cc_ccache_store_credentials (ccache, &creds);
}
if (ccache != NULL)
cc_ccache_release (ccache);
if (cc_context != NULL)
cc_context_release (cc_context);
if (kerr != KSUCCESS)
return kerr;
if (cc_err != ccNoError)
return KFAILURE;
else
return KSUCCESS;
}