コード例 #1
0
OM_uint32
_gsskrb5_cred_label_get(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
			const char *label, gss_buffer_t value)
{
    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
    krb5_context context;
    krb5_error_code ret;
    krb5_data data;

    GSSAPI_KRB5_INIT (&context);

    if (cred == NULL)
	return GSS_S_COMPLETE;

    if (cred->ccache == NULL) {
	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
	return GSS_S_FAILURE;
    }

    ret = krb5_cc_get_config(context, cred->ccache, NULL, label, &data);
    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }

    value->value = data.data;
    value->length = data.length;

    return GSS_S_COMPLETE;
}
コード例 #2
0
ファイル: kinit.c プロジェクト: brianmay/heimdal
static krb5_error_code
store_ntlmkey(krb5_context context, krb5_ccache id,
	      const char *domain, struct ntlm_buf *buf)
{
    krb5_error_code ret;
    krb5_data data;
    char *name;
    int aret;

    ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain", &data);
    if (ret == 0) {
        krb5_data_free(&data);
    } else {
        data.length = strlen(domain);
        data.data = rk_UNCONST(domain);
        ret = krb5_cc_set_config(context, id, NULL, "default-ntlm-domain", &data);
        if (ret != 0)
            return ret;
    }

    aret = asprintf(&name, "ntlm-key-%s", domain);
    if (aret == -1 || name == NULL)
	return krb5_enomem(context);

    data.length = buf->length;
    data.data = buf->data;

    ret = krb5_cc_set_config(context, id, NULL, name, &data);
    free(name);
    return ret;
}
コード例 #3
0
ファイル: kinit.c プロジェクト: brianmay/heimdal
static krb5_error_code
copy_configs(krb5_context context,
	     krb5_ccache dst,
	     krb5_ccache src,
	     krb5_principal start_ticket_server)
{
    krb5_error_code ret;
    const char *cfg_names[] = {"realm-config", "FriendlyName", NULL};
    const char *cfg_names_w_pname[] = {"fast_avail", NULL};
    krb5_data cfg_data;
    size_t i;

    for (i = 0; cfg_names[i]; i++) {
	ret = krb5_cc_get_config(context, src, NULL, cfg_names[i], &cfg_data);
	if (ret == KRB5_CC_NOTFOUND || ret == KRB5_CC_END) {
	    continue;
	} else if (ret) {
	    krb5_warn(context, ret, "krb5_cc_get_config");
	    return ret;
	}
	ret = krb5_cc_set_config(context, dst, NULL, cfg_names[i], &cfg_data);
	if (ret)
	    krb5_warn(context, ret, "krb5_cc_set_config");
    }
    for (i = 0; start_ticket_server && cfg_names_w_pname[i]; i++) {
	ret = krb5_cc_get_config(context, src, start_ticket_server,
				 cfg_names_w_pname[i], &cfg_data);
	if (ret == KRB5_CC_NOTFOUND || ret == KRB5_CC_END) {
	    continue;
	} else if (ret) {
	    krb5_warn(context, ret, "krb5_cc_get_config");
	    return ret;
	}
	ret = krb5_cc_set_config(context, dst, start_ticket_server,
				 cfg_names_w_pname[i], &cfg_data);
	if (ret && ret != KRB5_CC_NOTFOUND)
	    krb5_warn(context, ret, "krb5_cc_set_config");
    }
    /*
     * We don't copy cc configs for any other principals though (mostly
     * those are per-target time offsets and the like, so it's bad to
     * lose them, but hardly the end of the world, and as they may not
     * expire anyways, it's good to let them go).
     */
    return 0;
}
コード例 #4
0
krb5_error_code
krb5int_fast_as_armor(krb5_context context,
                      struct krb5int_fast_request_state *state,
                      krb5_gic_opt_ext *opte,
                      krb5_kdc_req *request)
{
    krb5_error_code retval = 0;
    krb5_ccache ccache = NULL;
    krb5_principal target_principal = NULL;
    krb5_data *target_realm;

    krb5_clear_error_message(context);
    target_realm = krb5_princ_realm(context, request->server);
    if (opte->opt_private->fast_ccache_name) {
        TRACE_FAST_ARMOR_CCACHE(context, opte->opt_private->fast_ccache_name);
        state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
        retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
                                 &ccache);
        if (retval == 0) {
            retval = krb5int_tgtname(context, target_realm, target_realm,
                                     &target_principal);
        }
        if (retval == 0) {
            krb5_data config_data;
            config_data.data = NULL;
            retval = krb5_cc_get_config(context, ccache, target_principal,
                                        KRB5_CONF_FAST_AVAIL, &config_data);
            if ((retval == 0) && config_data.data) {
                TRACE_FAST_CCACHE_CONFIG(context);
                state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
            }
            krb5_free_data_contents(context, &config_data);
            retval = 0;
        }
        if (opte->opt_private->fast_flags & KRB5_FAST_REQUIRED) {
            TRACE_FAST_REQUIRED(context);
            state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
        }
        if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
            retval = fast_armor_ap_request(context, state, ccache,
                                           target_principal);
        }
        if (retval != 0) {
            const char * errmsg;
            errmsg = krb5_get_error_message(context, retval);
            if (errmsg) {
                krb5_set_error_message(context, retval,
                                       "%s constructing AP-REQ armor", errmsg);
                krb5_free_error_message(context, errmsg);
            }
        }
    }
    if (ccache)
        krb5_cc_close(context, ccache);
    if (target_principal)
        krb5_free_principal(context, target_principal);
    return retval;
}
コード例 #5
0
ファイル: fast.c プロジェクト: DirectXMan12/krb5
krb5_error_code
krb5int_fast_as_armor(krb5_context context,
                      struct krb5int_fast_request_state *state,
                      krb5_get_init_creds_opt *opt, krb5_kdc_req *request)
{
    krb5_error_code retval = 0;
    krb5_ccache ccache = NULL;
    krb5_principal target_principal = NULL;
    krb5_data *target_realm;
    const char *ccname = k5_gic_opt_get_fast_ccache_name(opt);
    krb5_flags fast_flags;

    krb5_clear_error_message(context);
    target_realm = &request->server->realm;
    if (ccname != NULL) {
        TRACE_FAST_ARMOR_CCACHE(context, ccname);
        state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
        retval = krb5_cc_resolve(context, ccname, &ccache);
        if (retval == 0) {
            retval = krb5int_tgtname(context, target_realm, target_realm,
                                     &target_principal);
        }
        if (retval == 0) {
            krb5_data config_data;
            config_data.data = NULL;
            retval = krb5_cc_get_config(context, ccache, target_principal,
                                        KRB5_CC_CONF_FAST_AVAIL, &config_data);
            if ((retval == 0) && config_data.data) {
                TRACE_FAST_CCACHE_CONFIG(context);
                state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
            }
            krb5_free_data_contents(context, &config_data);
            retval = 0;
        }
        fast_flags = k5_gic_opt_get_fast_flags(opt);
        if (fast_flags & KRB5_FAST_REQUIRED) {
            TRACE_FAST_REQUIRED(context);
            state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
        }
        if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
            retval = fast_armor_ap_request(context, state, ccache,
                                           target_principal);
        }
        if (retval != 0) {
            k5_prependmsg(context, retval,
                          _("Error constructing AP-REQ armor"));
        }
    }
    if (ccache)
        krb5_cc_close(context, ccache);
    if (target_principal)
        krb5_free_principal(context, target_principal);
    return retval;
}
コード例 #6
0
static OM_uint32
_acquire_uuid_name(OM_uint32 *minor_status,
		   krb5_context context,
		   krb5_const_principal princ,
		   int *iakerb,
		   gsskrb5_cred handle)
{
    krb5_error_code ret;
    krb5_uuid uuid;
    
    *iakerb = 0;

    if (princ->name.name_type != KRB5_NT_CACHE_UUID)
	return GSS_S_BAD_NAMETYPE;
    
    if (princ->name.name_string.len != 1 || strcmp(princ->realm, "UUID") != 0)
	return GSS_S_BAD_NAME;

    if (krb5_string_to_uuid(princ->name.name_string.val[0], uuid))
	return GSS_S_BAD_NAME;

    ret = krb5_cc_resolve_by_uuid(context, NULL,
				  &handle->ccache, uuid);
    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }
    
    ret = krb5_cc_get_principal(context, handle->ccache, &handle->principal);
    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }
    
    {
	krb5_data data;

	ret = krb5_cc_get_config(context, handle->ccache, NULL, "iakerb", &data);
	if (ret == 0) {
	    *iakerb = 1;
	    handle->endtime = INT_MAX;
	    krb5_data_free(&data);
	    return 0;
	}
    }

    return __gsskrb5_ccache_lifetime(minor_status,
				     context,
				     handle->ccache,
				     handle->principal,
				     &handle->endtime);
}
コード例 #7
0
ファイル: t_cc_config.c プロジェクト: WeiY/krb5
int
main(int argc, char **argv)
{
    krb5_context context;
    krb5_principal server;
    krb5_ccache ccache;
    krb5_data data;
    krb5_error_code ret;
    char *perr;
    int c;
    unsigned int i;

    bail_on_err(NULL, "Error initializing Kerberos library",
                krb5_init_context(&context));
    bail_on_err(context, "Error getting location of default ccache",
                krb5_cc_default(context, &ccache));
    server = NULL;
    while ((c = getopt(argc, argv, "p:")) != -1) {
        switch (c) {
        case 'p':
            if (asprintf(&perr, "Error parsing principal name \"%s\"",
                         optarg) < 0)
                perr = "Error parsing principal name";
            bail_on_err(context, perr,
                        krb5_parse_name(context, optarg, &server));
            break;
        }
    }
    if (argc - optind < 1 || argc - optind > 2) {
        fprintf(stderr, "Usage: %s [-p principal] key [value]\n", argv[0]);
        return 1;
    }
    memset(&data, 0, sizeof(data));
    if (argc - optind == 2) {
        unset_config(context, ccache, server, argv[optind]);
        data = string2data(argv[optind + 1]);
        bail_on_err(context, "Error adding configuration data to ccache",
                    krb5_cc_set_config(context, ccache, server, argv[optind],
                                       &data));
    } else {
        ret = krb5_cc_get_config(context, ccache, server, argv[optind], &data);
        if (ret == 0) {
            for (i = 0; i < data.length; i++)
                putc((unsigned int)data.data[i], stdout);
        }
    }
    krb5_free_principal(context, server);
    krb5_cc_close(context, ccache);
    krb5_free_context(context);
    return 0;
}
コード例 #8
0
ファイル: cc_set_config.c プロジェクト: Akasurde/krb5
krb5_error_code
func_get(krb5_context context, krb5_ccache id,
         krb5_const_principal principal, const char *key)
{
   krb5_data config_data;
   krb5_error_code ret;

   config_data.data = NULL;
   ret = krb5_cc_get_config(context, id, principal, key, &config_data);
   if (ret){
        return ret;
   }
   /* do something */
   krb5_free_data_contents(context, &config_data);
   return ret;
}
コード例 #9
0
static OM_uint32
change_hold(OM_uint32 *minor_status, gsskrb5_cred cred,
	    krb5_error_code (*func)(krb5_context, krb5_ccache))
{
    krb5_error_code ret;
    krb5_context context;
    krb5_data data;

    *minor_status = 0;
    krb5_data_zero(&data);

    GSSAPI_KRB5_INIT (&context);

    if (cred == NULL)
	return GSS_S_COMPLETE;

    if (cred->usage != GSS_C_INITIATE && cred->usage != GSS_C_BOTH) {
	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
	return GSS_S_FAILURE;
    }

    /* XXX only refcount nah-created credentials */
    ret = krb5_cc_get_config(context, cred->ccache, NULL, "nah-created", &data);
    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }
    krb5_data_free(&data);

    ret = func(context, cred->ccache);

    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }

    return GSS_S_COMPLETE;
}
コード例 #10
0
ファイル: init_sec_context.c プロジェクト: InvLim/heimdal
static int
get_user_ccache(const ntlm_name name, char **domainp, char **usernamep, struct ntlm_buf *key)
{
    krb5_context context = NULL;
    krb5_principal client;
    krb5_ccache id = NULL;
    krb5_error_code ret;
    char *confname;
    krb5_data data;
    int aret;

    *domainp = NULL;
    *usernamep = NULL;
    krb5_data_zero(&data);
    key->length = 0;
    key->data = NULL;

    ret = krb5_init_context(&context);
    if (ret)
	return ret;

    ret = krb5_cc_default(context, &id);
    if (ret)
	goto out;

    ret = krb5_cc_get_principal(context, id, &client);
    if (ret)
	goto out;

    ret = krb5_unparse_name_flags(context, client,
				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
				  usernamep);
    krb5_free_principal(context, client);
    if (ret)
	goto out;

    if (name != NULL) {
        *domainp = strdup(name->domain);
    } else {
        krb5_data data_domain;

        krb5_data_zero(&data_domain);
        ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain",
                                 &data_domain);
        if (ret)
            goto out;

        *domainp = strndup(data_domain.data, data_domain.length);
        krb5_data_free(&data_domain);
    }

    if (*domainp == NULL) {
        ret = krb5_enomem(context);
	goto out;
    }

    aret = asprintf(&confname, "ntlm-key-%s", *domainp);
    if (aret == -1) {
        ret = krb5_enomem(context);
	goto out;
    }

    ret = krb5_cc_get_config(context, id, NULL, confname, &data);
    if (ret)
        goto out;

    key->data = malloc(data.length);
    if (key->data == NULL) {
	ret = ENOMEM;
	goto out;
    }
    key->length = data.length;
    memcpy(key->data, data.data, data.length);

 out:
    krb5_data_free(&data);
    if (id)
	krb5_cc_close(context, id);

    krb5_free_context(context);

    return ret;
}
コード例 #11
0
OM_uint32
_gssiakerb_acquire_cred(OM_uint32 * minor_status,
			const gss_name_t desired_name,
			OM_uint32 time_req,
			const gss_OID_set desired_mechs,
			gss_cred_usage_t cred_usage,
			gss_cred_id_t * output_cred_handle,
			gss_OID_set * actual_mechs,
			OM_uint32 * time_rec)
{
    krb5_principal princ = (krb5_principal)desired_name;
    OM_uint32 major_status, junk;
    krb5_context context;
    krb5_error_code ret;
    gsskrb5_cred handle;
    krb5_data data;
    int iakerb = 0;
    
    GSSAPI_KRB5_INIT(&context);

    *minor_status = 0;
    *output_cred_handle = NULL;
    
    if (cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH)
	return GSS_S_FAILURE;
    if (princ == NULL)
	return GSS_S_FAILURE;

    handle = calloc(1, sizeof(*handle));
    if (handle == NULL)
        return GSS_S_FAILURE;

    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);

    major_status = _acquire_uuid_name(minor_status, context, princ, &iakerb, handle);
    if (major_status)
	return major_status;
    if (!iakerb)
	return GSS_S_BAD_NAME;

    if ((ret = krb5_cc_get_config(context, handle->ccache, NULL, "password", &data)) == 0) {

	ret = asprintf(&handle->password, "%.*s", (int)data.length, (char *)data.data);
	memset(data.data, 0, data.length);
	krb5_data_free(&data);
	if (ret <= 0 || handle->password == NULL) {
	    _gsskrb5_release_cred(&junk, (gss_cred_id_t *)&handle);
	    *minor_status = ENOMEM;
	    return GSS_S_FAILURE;
	}

#ifdef PKINIT
    } else if ((ret = krb5_cc_get_config(context, handle->ccache, NULL, "certificate-ref", &data)) == 0) {
	hx509_certs certs;
	hx509_query *q;
	
	ret = hx509_certs_init(context->hx509ctx, "KEYCHAIN:", 0, NULL, &certs);
	if (ret) {
	    krb5_data_free(&data);
	    hx509_certs_free(&certs);
	    _gsskrb5_release_cred(&junk, (gss_cred_id_t *)&handle);
	    *minor_status = ret;
	    return GSS_S_FAILURE;
	}

	ret = hx509_query_alloc(context->hx509ctx, &q);
	if (ret) {
	    krb5_data_free(&data);
	    hx509_certs_free(&certs);
	    _gsskrb5_release_cred(&junk, (gss_cred_id_t *)&handle);
	    *minor_status = ret;
	    return GSS_S_FAILURE;
	}
	
	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
	hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
	hx509_query_match_persistent(q, &data);

	ret = _krb5_pk_find_cert(context, 1, certs, q, &handle->cert);
	krb5_data_free(&data);
	hx509_certs_free(&certs);
	hx509_query_free(context->hx509ctx, q);
	if (ret != 0) {
	    _gss_mg_log(1, "gss-krb5: failed to find certificate ref %d", ret);
	    _gsskrb5_release_cred(&junk, (gss_cred_id_t *)&handle);
	    *minor_status = ret;
	    return GSS_S_FAILURE;
	}
#endif
    } else if ((ret = krb5_cc_get_config(context, handle->ccache, NULL, "iakerb", &data)) == 0) {
	handle->cred_flags |= GSS_CF_IAKERB_RESOLVED;
	krb5_data_free(&data);
    } else {
	_gsskrb5_release_cred(&junk, (gss_cred_id_t *)&handle);
	*minor_status = 0;
	return GSS_S_FAILURE;
    }
    
    handle->usage = GSS_C_INITIATE;
    handle->endtime = INT_MAX;
    
    *output_cred_handle = (gss_cred_id_t)handle;
    *minor_status = 0;
    return GSS_S_COMPLETE;
}
コード例 #12
0
ファイル: init_sec_context.c プロジェクト: 2asoft/freebsd
static int
get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key)
{
    krb5_context context = NULL;
    krb5_principal client;
    krb5_ccache id = NULL;
    krb5_error_code ret;
    char *confname;
    krb5_data data;

    *username = NULL;
    krb5_data_zero(&data);
    key->length = 0;
    key->data = NULL;

    ret = krb5_init_context(&context);
    if (ret)
	return ret;

    ret = krb5_cc_default(context, &id);
    if (ret)
	goto out;

    ret = krb5_cc_get_principal(context, id, &client);
    if (ret)
	goto out;

    ret = krb5_unparse_name_flags(context, client,
				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
				  username);
    krb5_free_principal(context, client);
    if (ret)
	goto out;

    asprintf(&confname, "ntlm-key-%s", name->domain);
    if (confname == NULL) {
	krb5_clear_error_message(context);
	ret = ENOMEM;
	goto out;
    }

    ret = krb5_cc_get_config(context, id, NULL,
			     confname, &data);
    if (ret)
	goto out;

    key->data = malloc(data.length);
    if (key->data == NULL) {
	ret = ENOMEM;
	goto out;
    }
    key->length = data.length;
    memcpy(key->data, data.data, data.length);

 out:
    krb5_data_free(&data);
    if (id)
	krb5_cc_close(context, id);

    krb5_free_context(context);

    return ret;
}
コード例 #13
0
ファイル: test_cc.c プロジェクト: SimonWilkinson/heimdal
static void
test_cc_config(krb5_context context)
{
    krb5_error_code ret;
    krb5_principal p;
    krb5_ccache id;
    unsigned int i;

    ret = krb5_cc_new_unique(context, "MEMORY", "bar", &id);
    if (ret)
	krb5_err(context, 1, ret, "krb5_cc_new_unique");

    ret = krb5_parse_name(context, "*****@*****.**", &p);
    if (ret)
	krb5_err(context, 1, ret, "krb5_parse_name");

    ret = krb5_cc_initialize(context, id, p);
    if (ret)
	krb5_err(context, 1, ret, "krb5_cc_initialize");

    for (i = 0; i < 1000; i++) {
	krb5_data data, data2;
	const char *name = "foo";
	krb5_principal p1 = NULL;

	if (i & 1)
	    p1 = p;

	data.data = rk_UNCONST(name);
	data.length = strlen(name);

	ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data);
	if (ret)
	    krb5_errx(context, 1, "krb5_cc_set_config: add");

	ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
	if (ret)
	    krb5_errx(context, 1, "krb5_cc_get_config: first");
	krb5_data_free(&data2);

	ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data);
	if (ret)
	    krb5_errx(context, 1, "krb5_cc_set_config: add -second");

	ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
	if (ret)
	    krb5_errx(context, 1, "krb5_cc_get_config: second");
	krb5_data_free(&data2);

	ret = krb5_cc_set_config(context, id, p1, "FriendlyName", NULL);
	if (ret)
	    krb5_errx(context, 1, "krb5_cc_set_config: delete");

	ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2);
	if (ret == 0)
	    krb5_errx(context, 1, "krb5_cc_get_config: non-existant");
    }

    krb5_cc_destroy(context, id);
    krb5_free_principal(context, p);
}