static krb5_error_code
ihave(krb5_context context, krb5_auth_context auth_context,
int fd, uint32_t version)
{
int ret;
u_char buf[8];
krb5_storage *sp;
krb5_data data;
sp = krb5_storage_from_mem(buf, 8);
ret = krb5_store_uint32(sp, I_HAVE);
if (ret == 0)
ret = krb5_store_uint32(sp, version);
krb5_storage_free(sp);
data.length = 8;
data.data = buf;
if (ret == 0) {
if (verbose)
krb5_warnx(context, "telling master we are at %u", version);
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
if (ret)
krb5_warn(context, ret, "krb5_write_message");
}
return ret;
}
static int
prop_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data data;
struct slave *s = (struct slave *)v;
ret = hdb_entry2value (context, &entry->entry, &data);
if (ret)
return ret;
ret = krb5_data_realloc (&data, data.length + 4);
if (ret) {
krb5_data_free (&data);
return ret;
}
memmove ((char *)data.data + 4, data.data, data.length - 4);
sp = krb5_storage_from_data(&data);
if (sp == NULL) {
krb5_data_free (&data);
return ENOMEM;
}
krb5_store_int32(sp, ONE_PRINC);
krb5_storage_free(sp);
ret = krb5_write_priv_message (context, s->ac, &s->fd, &data);
krb5_data_free (&data);
return ret;
}
static krb5_error_code KRB5_CALLCONV
akf_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *c)
{
int32_t ret;
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("keytab afs keyfile open %s failed: %s", ""),
d->filename, strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_uint32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_message (context);
if(ret == KRB5_KT_END)
return KRB5_KT_NOTFOUND;
return ret;
}
return 0;
}
kadm5_ret_t
kadm5_log_foreach (kadm5_server_context *context,
void (*func)(kadm5_server_context *server_context,
uint32_t ver,
time_t timestamp,
enum kadm_ops op,
uint32_t len,
krb5_storage *,
void *),
void *ctx)
{
int fd = context->log_context.log_fd;
krb5_storage *sp;
lseek (fd, 0, SEEK_SET);
sp = krb5_storage_from_fd (fd);
for (;;) {
int32_t ver, timestamp, op, len, len2, ver2;
if(krb5_ret_int32 (sp, &ver) != 0)
break;
krb5_ret_int32 (sp, ×tamp);
krb5_ret_int32 (sp, &op);
krb5_ret_int32 (sp, &len);
(*func)(context, ver, timestamp, op, len, sp, ctx);
krb5_ret_int32 (sp, &len2);
krb5_ret_int32 (sp, &ver2);
if (len != len2)
abort();
if (ver != ver2)
abort();
}
krb5_storage_free(sp);
return 0;
}
static int
dump_one (krb5_context context, HDB *db, hdb_entry_ex *entry, void *v)
{
krb5_error_code ret;
krb5_storage *dump = (krb5_storage *)v;
krb5_storage *sp;
krb5_data data;
ret = hdb_entry2value (context, &entry->entry, &data);
if (ret)
return ret;
ret = krb5_data_realloc (&data, data.length + 4);
if (ret)
goto done;
memmove ((char *)data.data + 4, data.data, data.length - 4);
sp = krb5_storage_from_data(&data);
if (sp == NULL) {
ret = ENOMEM;
goto done;
}
ret = krb5_store_uint32(sp, ONE_PRINC);
krb5_storage_free(sp);
if (ret == 0)
ret = krb5_store_data(dump, data);
done:
krb5_data_free (&data);
return ret;
}
static krb5_error_code
akf_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *c)
{
int32_t ret;
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
krb5_clear_error_string (context);
if(ret == KRB5_KT_END)
return KRB5_KT_NOTFOUND;
return ret;
}
return 0;
}
kadm5_ret_t
_kadm5_unmarshal_params(krb5_context context,
krb5_data *in,
kadm5_config_params *params)
{
krb5_error_code ret;
krb5_storage *sp;
int32_t mask;
sp = krb5_storage_from_data(in);
if (sp == NULL)
return ENOMEM;
ret = krb5_ret_int32(sp, &mask);
if (ret)
goto out;
params->mask = mask;
if(params->mask & KADM5_CONFIG_REALM)
ret = krb5_ret_string(sp, ¶ms->realm);
out:
krb5_storage_free(sp);
return ret;
}
static void
send_im_here(krb5_context context, int fd,
krb5_auth_context auth_context)
{
krb5_storage *sp;
krb5_data data;
krb5_error_code ret;
ret = krb5_data_alloc(&data, 4);
if (ret)
krb5_err(context, IPROPD_RESTART, ret, "send_im_here");
sp = krb5_storage_from_data (&data);
if (sp == NULL)
krb5_errx(context, IPROPD_RESTART, "krb5_storage_from_data");
ret = krb5_store_uint32(sp, I_AM_HERE);
krb5_storage_free(sp);
if (ret == 0) {
ret = krb5_write_priv_message(context, auth_context, &fd, &data);
krb5_data_free(&data);
if (ret)
krb5_err(context, IPROPD_RESTART, ret, "krb5_write_priv_message");
if (verbose)
krb5_warnx(context, "pinged master");
}
return;
}
kadm5_ret_t
kadm5_c_chpass_principal_with_key(void *server_handle,
krb5_principal princ,
int n_key_data,
krb5_key_data *key_data)
{
kadm5_client_context *context = server_handle;
kadm5_ret_t ret;
krb5_storage *sp;
unsigned char buf[1024];
int32_t tmp;
krb5_data reply;
int i;
ret = _kadm5_connect(server_handle);
if(ret)
return ret;
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL) {
krb5_clear_error_message(context->context);
return ENOMEM;
}
krb5_store_int32(sp, kadm_chpass_with_key);
krb5_store_principal(sp, princ);
krb5_store_int32(sp, n_key_data);
for (i = 0; i < n_key_data; ++i)
kadm5_store_key_data (sp, &key_data[i]);
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
return ret;
ret = _kadm5_client_recv(context, &reply);
if(ret)
return ret;
sp = krb5_storage_from_data (&reply);
if (sp == NULL) {
krb5_clear_error_message(context->context);
krb5_data_free (&reply);
return ENOMEM;
}
krb5_ret_int32(sp, &tmp);
krb5_clear_error_message(context->context);
krb5_storage_free(sp);
krb5_data_free (&reply);
return tmp;
}
kadm5_ret_t
kadm5_c_get_principal(void *server_handle,
krb5_principal princ,
kadm5_principal_ent_t out,
uint32_t mask)
{
kadm5_client_context *context = server_handle;
kadm5_ret_t ret;
krb5_storage *sp;
unsigned char buf[1024];
int32_t tmp;
krb5_data reply;
ret = _kadm5_connect(server_handle);
if(ret)
return ret;
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL) {
krb5_clear_error_message(context->context);
return ENOMEM;
}
krb5_store_int32(sp, kadm_get);
krb5_store_principal(sp, princ);
krb5_store_int32(sp, mask);
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if(ret)
return ret;
ret = _kadm5_client_recv(context, &reply);
if (ret)
return ret;
sp = krb5_storage_from_data (&reply);
if (sp == NULL) {
krb5_clear_error_message(context->context);
krb5_data_free (&reply);
return ENOMEM;
}
krb5_ret_int32(sp, &tmp);
ret = tmp;
krb5_clear_error_message(context->context);
if(ret == 0)
kadm5_ret_principal_ent(sp, out);
krb5_storage_free(sp);
krb5_data_free (&reply);
return ret;
}
/*
* Request:
* NameZ
*
* Response:
* Cursor
*
*/
static krb5_error_code
kcm_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
u_int32_t tmp;
ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_int32(response, &tmp);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
return ret;
*cursor = malloc(sizeof(tmp));
if (*cursor == NULL)
return KRB5_CC_NOMEM;
KCMCURSOR(*cursor) = tmp;
return 0;
}
/*
* Request:
* NameZ
* ServerPrincipalPresent
* ServerPrincipal OPTIONAL
* Key
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_initial_ticket(krb5_context context,
krb5_ccache id,
krb5_principal server,
krb5_keyblock *key)
{
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int8(request, (server == NULL) ? 0 : 1);
if (ret) {
krb5_storage_free(request);
return ret;
}
if (server != NULL) {
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
}
ret = krb5_store_keyblock(request, *key);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code KRB5_CALLCONV
akf_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
{
krb5_storage_free(cursor->sp);
close(cursor->fd);
return 0;
}
/*
* Request:
* NameZ
* KDCFlags
* EncryptionType
* ServerPrincipal
*
* Repsonse:
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_kcm_get_ticket(krb5_context context,
krb5_ccache id,
krb5_kdc_flags flags,
krb5_enctype enctype,
krb5_principal server)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, flags.i);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, enctype);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_principal(request, server);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
kadm5_ret_t
kadm5_c_chpass_principal(void *server_handle,
krb5_principal princ,
const char *password)
{
kadm5_client_context *context = server_handle;
kadm5_ret_t ret;
krb5_storage *sp;
unsigned char buf[1024];
int32_t tmp;
krb5_data reply;
ret = _kadm5_connect(server_handle);
if(ret)
return ret;
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL) {
krb5_clear_error_message(context->context);
return ENOMEM;
}
krb5_store_int32(sp, kadm_chpass);
krb5_store_principal(sp, princ);
krb5_store_string(sp, password);
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
return ret;
ret = _kadm5_client_recv(context, &reply);
if(ret)
return ret;
sp = krb5_storage_from_data (&reply);
if (sp == NULL) {
krb5_clear_error_message(context->context);
krb5_data_free (&reply);
return ENOMEM;
}
krb5_ret_int32(sp, &tmp);
krb5_clear_error_message(context->context);
krb5_storage_free(sp);
krb5_data_free (&reply);
return tmp;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
* Creds
*/
static krb5_error_code
kcm_get_next (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_ret_creds(response, creds);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
return ret;
}
static krb5_error_code
fkt_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
{
krb5_storage_free(cursor->sp);
_krb5_xunlock(context, cursor->fd);
close(cursor->fd);
return 0;
}
static krb5_error_code
fcc_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_storage_free(FCC_CURSOR(*cursor)->sp);
close (FCC_CURSOR(*cursor)->fd);
free(*cursor);
*cursor = NULL;
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_create_ciph(krb5_context context,
const krb5_keyblock *session,
const char *service,
const char *instance,
const char *realm,
uint32_t life,
unsigned char kvno,
const krb5_data *ticket,
uint32_t kdc_time,
const krb5_keyblock *key,
krb5_data *enc_data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(enc_data);
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
/* session key */
ret = krb5_storage_write(sp,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = EINVAL;
goto error;
}
RCHECK(ret, put_nir(sp, service, instance, realm), error);
RCHECK(ret, krb5_store_int8(sp, life), error);
RCHECK(ret, krb5_store_int8(sp, kvno), error);
RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
ret = krb5_storage_write(sp, ticket->data, ticket->length);
if (ret != ticket->length) {
ret = EINVAL;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
ret = storage_to_etext(context, sp, key, enc_data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
return ret;
}
static krb5_error_code
fcc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
krb5_fcache *f = FCACHE(id);
int ret = 0;
int fd;
char *filename = f->filename;
unlink (filename);
ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600);
if(ret)
return ret;
{
krb5_storage *sp;
sp = krb5_storage_emem();
krb5_storage_set_eof_code(sp, KRB5_CC_END);
if(context->fcache_vno != 0)
f->version = context->fcache_vno;
else
f->version = KRB5_FCC_FVNO_4;
ret |= krb5_store_int8(sp, 5);
ret |= krb5_store_int8(sp, f->version);
storage_set_flags(context, sp, f->version);
if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
/* V4 stuff */
if (context->kdc_sec_offset) {
ret |= krb5_store_int16 (sp, 12); /* length */
ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
ret |= krb5_store_int16 (sp, 8); /* length of data */
ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
} else {
ret |= krb5_store_int16 (sp, 0);
}
}
ret |= krb5_store_principal(sp, primary_principal);
ret |= write_storage(context, sp, fd);
krb5_storage_free(sp);
}
fcc_unlock(context, fd);
if (close(fd) < 0)
if (ret == 0) {
ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), strerror(ret));
}
return ret;
}
int
krb_mk_req(KTEXT authent,
char *service, char *instance, char *realm,
int32_t checksum)
#endif
{
CREDENTIALS cr;
KTEXT_ST req;
krb5_storage *sp;
int code;
/* XXX get user realm */
const char *myrealm = realm;
krb5_data a;
code = krb_get_cred(service, instance, realm, &cr);
if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){
code = get_ad_tkt((char *)service,
(char *)instance, (char *)realm, lifetime);
if(code == KSUCCESS)
code = krb_get_cred(service, instance, realm, &cr);
}
if(code)
return code;
sp = krb5_storage_emem();
krb5_store_int8(sp, KRB_PROT_VERSION);
krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST);
krb5_store_int8(sp, cr.kvno);
krb5_store_stringz(sp, realm);
krb5_store_int8(sp, cr.ticket_st.length);
build_request(&req, cr.pname, cr.pinst, myrealm, checksum);
encrypt_ktext(&req, &cr.session, DES_ENCRYPT);
krb5_store_int8(sp, req.length);
krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length);
krb5_storage_write(sp, req.dat, req.length);
krb5_storage_to_data(sp, &a);
krb5_storage_free(sp);
memcpy(authent->dat, a.data, a.length);
authent->length = a.length;
krb5_data_free(&a);
memset(&cr, 0, sizeof(cr));
memset(&req, 0, sizeof(req));
return KSUCCESS;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_create_ticket(krb5_context context,
unsigned char flags,
const char *pname,
const char *pinstance,
const char *prealm,
int32_t paddress,
const krb5_keyblock *session,
int16_t life,
int32_t life_sec,
const char *sname,
const char *sinstance,
const krb5_keyblock *key,
krb5_data *enc_data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(enc_data);
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_store_int8(sp, flags), error);
RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
/* session key */
ret = krb5_storage_write(sp,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = EINVAL;
goto error;
}
RCHECK(ret, krb5_store_int8(sp, life), error);
RCHECK(ret, krb5_store_int32(sp, life_sec), error);
RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
ret = storage_to_etext(context, sp, key, enc_data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_string(context, "Failed to encode kerberos 4 ticket");
return ret;
}
static void
test_storage(krb5_context context, krb5_storage *sp)
{
test_int8(context, sp);
test_int16(context, sp);
test_int32(context, sp);
test_uint8(context, sp);
test_uint16(context, sp);
test_uint32(context, sp);
krb5_storage_free(sp);
}
static OM_uint32
_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
{
krb5_storage *request, *response;
krb5_data response_data;
krb5_context context;
krb5_error_code ret;
ntlm_cred cred;
cred = (ntlm_cred)*cred_handle;
ret = krb5_init_context(&context);
if (ret)
return ret;
ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->username);
if (ret)
goto out;
ret = krb5_store_stringz(request, cred->domain);
if (ret)
goto out;
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret)
goto out;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
out:
krb5_free_context(context);
return ret;
}
kadm5_ret_t
kadm5_c_rename_principal(void *server_handle,
krb5_principal source,
krb5_principal target)
{
kadm5_client_context *context = server_handle;
kadm5_ret_t ret;
krb5_storage *sp;
unsigned char buf[1024];
int32_t tmp;
krb5_data reply;
ret = _kadm5_connect(server_handle);
if(ret)
return ret;
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL)
return ENOMEM;
krb5_store_int32(sp, kadm_rename);
krb5_store_principal(sp, source);
krb5_store_principal(sp, target);
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
return ret;
ret = _kadm5_client_recv(context, &reply);
if(ret)
return ret;
sp = krb5_storage_from_data (&reply);
if (sp == NULL) {
krb5_data_free (&reply);
return ENOMEM;
}
krb5_ret_int32(sp, &tmp);
ret = tmp;
krb5_storage_free(sp);
krb5_data_free (&reply);
return ret;
}
/*
* Request:
*
* Response:
* NameZ
*/
static krb5_error_code
kcm_gen_new(krb5_context context, krb5_ccache *id)
{
krb5_kcmcache *k;
krb5_error_code ret;
krb5_storage *request, *response;
krb5_data response_data;
ret = kcm_alloc(context, NULL, id);
if (ret)
return ret;
k = KCMCACHE(*id);
ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request);
if (ret) {
kcm_free(context, id);
return ret;
}
ret = krb5_kcm_call(context, request, &response, &response_data);
if (ret) {
krb5_storage_free(request);
kcm_free(context, id);
return ret;
}
ret = krb5_ret_stringz(response, &k->name);
if (ret)
ret = KRB5_CC_IO;
krb5_storage_free(request);
krb5_storage_free(response);
krb5_data_free(&response_data);
if (ret)
kcm_free(context, id);
return ret;
}
static krb5_error_code
kcm_unhold(krb5_context context, krb5_ccache id)
{
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
krb5_error_code ret;
ret = krb5_kcm_storage_request(context, KCM_OP_RELEASE_KCRED, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
static krb5_error_code
kcm_set_default(krb5_context context, krb5_ccache id)
{
krb5_error_code ret;
krb5_storage *request;
krb5_kcmcache *k = KCMCACHE(id);
ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_kcm_call(context, request, NULL, NULL);
krb5_storage_free(request);
return ret;
}
/*
* Request:
* NameZ
* Cursor
*
* Response:
*
*/
static krb5_error_code
kcm_end_get (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code ret;
krb5_kcmcache *k = KCMCACHE(id);
krb5_storage *request;
ret = kcm_storage_request(context, KCM_OP_END_GET, &request);
if (ret)
return ret;
ret = krb5_store_stringz(request, k->name);
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = krb5_store_int32(request, KCMCURSOR(*cursor));
if (ret) {
krb5_storage_free(request);
return ret;
}
ret = kcm_call(context, k, request, NULL, NULL);
if (ret) {
krb5_storage_free(request);
return ret;
}
krb5_storage_free(request);
KCMCURSOR(*cursor) = 0;
free(*cursor);
*cursor = NULL;
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_krb_tf_setup(krb5_context context,
struct credentials *v4creds,
const char *tkfile,
int append)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_emem();
if (sp == NULL)
return ENOMEM;
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
krb5_storage_set_eof_code(sp, KRB5_CC_IO);
krb5_clear_error_string(context);
if (!append) {
RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
}
/* cred */
RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
ret = krb5_storage_write(sp, v4creds->session, 8);
if (ret != 8) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
ret = krb5_storage_write(sp, v4creds->ticket_st.dat,
v4creds->ticket_st.length);
if (ret != v4creds->ticket_st.length) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
ret = write_v4_cc(context, tkfile, sp, append);
error:
krb5_storage_free(sp);
return ret;
}