static cc_int32 context_open_default_ccache(cc_context_t in_context, cc_ccache_t *out_ccache) { krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (out_ccache == NULL) return ccErrBadParam; ret = heim_krb5_cc_default(milcontext, &id); if (ret) return LOG_FAILURE(ret, "cc default"); if (!check_exists(id)) { heim_krb5_cc_close(milcontext, id); return ccErrCCacheNotFound; } *out_ccache = create_ccache(id); return ccNoError; }
cc_int32 cc_iterator_next(cc_ccache_iterator_t in_ccache_iterator, cc_ccache_t *out_ccache) { struct cc_iter *c = (struct cc_iter *)in_ccache_iterator; krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (out_ccache == NULL) return ccErrBadParam; while (1) { const char *type; ret = mit_krb5_cccol_cursor_next((mit_krb5_context)milcontext, c->cursor, (mit_krb5_ccache *)&id); if (ret == KRB5_CC_END || id == NULL) return ccIteratorEnd; else if (ret) return LOG_FAILURE(ret, "ccol next cursor"); type = heim_krb5_cc_get_type(milcontext, id); if (strcmp(type, "API") == 0 || strcmp(type, "KCM") == 0) break; heim_krb5_cc_close(milcontext, id); } *out_ccache = create_ccache(id); return ccNoError; }
static cc_int32 context_open_ccache (cc_context_t in_context, const char *in_name, cc_ccache_t *out_ccache) { char *name; krb5_error_code ret; krb5_ccache id; if (out_ccache == NULL || in_name == NULL || in_context == NULL) return ccErrBadParam; asprintf(&name, "API:%s", in_name); ret = heim_krb5_cc_resolve(milcontext, name, &id); free(name); if (ret) return LOG_FAILURE(ret, "open cache"); if (!check_exists(id)) { heim_krb5_cc_close(milcontext, id); return ccErrCCacheNotFound; } *out_ccache = create_ccache(id); return ccNoError; }
KLStatus KLAcquireNewInitialTicketsWithPassword(KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_ccache cache; krb5_creds creds; char *service = NULL; krb5_get_init_creds_opt *opt = NULL; LOG_ENTRY(); if (inLoginOptions) { service = inLoginOptions->service; opt = inLoginOptions->opt; } ret = heim_krb5_get_init_creds_password(context, &creds, inPrincipal, inPassword, NULL, NULL, 0, service, opt); if (ret) return ret; ret = heim_krb5_cc_cache_match(context, inPrincipal, &cache); if (ret) ret = heim_krb5_cc_new_unique(context, NULL, NULL, &cache); if (ret) goto out; ret = heim_krb5_cc_initialize(context, cache, creds.client); if(ret) goto out; ret = heim_krb5_cc_store_cred(context, cache, &creds); if (ret) goto out; if (outCredCacheName) *outCredCacheName = strdup(heim_krb5_cc_get_name(context, cache)); out: if (cache) { if (ret) krb5_cc_destroy((mit_krb5_context)context, (mit_krb5_ccache)cache); else heim_krb5_cc_close(context, cache); } heim_krb5_free_cred_contents(context, &creds); return ret; }
cc_int32 ccache_release(cc_ccache_t io_ccache) { struct cc_ccache *c = (struct cc_ccache *)io_ccache; LOG_ENTRY(); if (c->id) heim_krb5_cc_close(milcontext, c->id); free(c); return ccNoError; }
static krb5_error_code fetch_creds(KLPrincipal inPrincipal, krb5_creds **ocreds, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_principal princ = NULL; krb5_creds in_creds; krb5_const_realm realm; krb5_error_code ret; krb5_ccache id = NULL; LOG_ENTRY(); memset(&in_creds, 0, sizeof(in_creds)); if (inPrincipal) { ret = heim_krb5_cc_cache_match(context, inPrincipal, &id); } else { ret = heim_krb5_cc_default(context, &id); if (ret == 0) ret = heim_krb5_cc_get_principal(context, id, &princ); inPrincipal = princ; } if (ret) goto out; realm = heim_krb5_principal_get_realm(context, inPrincipal); ret = heim_krb5_make_principal(context, &in_creds.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) goto out; in_creds.client = inPrincipal; ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in_creds, ocreds); heim_krb5_free_principal(context, in_creds.server); if (outCredCacheName) *outCredCacheName = strdup(heim_krb5_cc_get_name(context, id)); out: if (id) heim_krb5_cc_close(context, id); if (princ) heim_krb5_free_principal(context, princ); return LOG_FAILURE(ret, "fetch_creds"); }
static cc_int32 context_create_default_ccache(cc_context_t in_context, cc_uint32 in_cred_vers, const char *in_principal, cc_ccache_t *out_ccache) { krb5_principal principal; krb5_error_code ret; struct cc_ccache *c; krb5_ccache id; LOG_ENTRY(); if (in_cred_vers != cc_credentials_v5) return ccErrBadCredentialsVersion; if (out_ccache == NULL || in_principal == NULL) return ccErrBadParam; *out_ccache = NULL; update_time(&context_change_time); ret = heim_krb5_cc_default(milcontext, &id); if (ret) return LOG_FAILURE(ret, "cc default"); ret = heim_krb5_parse_name(milcontext, in_principal, &principal); if (ret) { heim_krb5_cc_close(milcontext, id); return LOG_FAILURE(ret, "parse name"); } ret = heim_krb5_cc_initialize(milcontext, id, principal); heim_krb5_free_principal(milcontext, principal); if (ret) { mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id); return LOG_FAILURE(ret, "cc init"); } c = (struct cc_ccache *)create_ccache(id); update_time(&c->last_default_time); *out_ccache = (cc_ccache_t)c; return ccNoError; }
KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); ret = heim_krb5_cc_cache_match(context, inPrincipal, &id); if (ret) return LOG_FAILURE(ret, "ccache match"); ret = heim_krb5_cc_switch(context, id); heim_krb5_cc_close(context, id); if (ret) return LOG_FAILURE(ret, "cc switch"); return klNoErr; }
KLStatus KLRenewInitialTickets(KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, KLPrincipal *outPrincipal, char **outCredCacheName) { krb5_context context = mshim_ctx(); krb5_error_code ret; krb5_creds in, *cred = NULL; krb5_ccache id; krb5_kdc_flags flags; krb5_const_realm realm; krb5_principal principal = NULL; memset(&in, 0, sizeof(in)); LOG_ENTRY(); if (outPrincipal) *outPrincipal = NULL; if (outCredCacheName) *outCredCacheName = NULL; if (inPrincipal) { principal = inPrincipal; } else { ret = heim_krb5_get_default_principal(context, &principal); if (ret) return ret; } ret = heim_krb5_cc_cache_match(context, principal, &id); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); return ret; } in.client = principal; realm = heim_krb5_principal_get_realm(context, in.client); if (inLoginOptions && inLoginOptions->service) ret = heim_krb5_make_principal(context, &in.server, realm, inLoginOptions->service, NULL); else ret = heim_krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); heim_krb5_cc_close(context, id); return ret; } flags.i = 0; if (inLoginOptions) flags.i = inLoginOptions->opt->flags; /* Pull out renewable from previous ticket */ ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred); if (inPrincipal == NULL) heim_krb5_free_principal(context, principal); if (ret == 0 && cred) { flags.b.renewable = cred->flags.b.renewable; heim_krb5_free_creds (context, cred); cred = NULL; } flags.b.renew = 1; ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred); heim_krb5_free_principal(context, in.server); if (ret) goto out; ret = heim_krb5_cc_initialize(context, id, in.client); if (ret) goto out; ret = heim_krb5_cc_store_cred(context, id, cred); out: if (cred) heim_krb5_free_creds (context, cred); heim_krb5_cc_close(context, id); return ret; }