/* * try_ccache() * * Attempt to retrieve desired NXT_TGT from ccache. Point NXT_TGT to * it if successful. */ static krb5_error_code try_ccache(struct tr_state *ts, krb5_creds *tgtq) { krb5_error_code retval; krb5_timestamp saved_endtime; TR_DBG(ts, "try_ccache"); /* * Solaris Kerberos: * Ensure the retrieved cred isn't stale. * Set endtime to now so krb5_cc_retrieve_cred won't return an expired ticket. */ saved_endtime = tgtq->times.endtime; if ((retval = krb5_timeofday(ts->ctx, &(tgtq->times.endtime))) != 0) { tgtq->times.endtime = saved_endtime; return retval; } retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, RETR_FLAGS, tgtq, ts->nxt_cc_tgt); if (!retval) { shift_cc_tgts(ts); ts->nxt_tgt = ts->cur_cc_tgt; } /* * Solaris Kerberos: * Ensure that tgtq->times.endtime is reset back to its original value so * that if tgtq is used to request a ticket from the KDC it doesn't request * a ticket with an endtime set to "now". */ tgtq->times.endtime = saved_endtime; TR_DBG_RET(ts, "try_ccache", retval); return retval; }
/* * try_ccache() * * Attempt to retrieve desired NXT_TGT from ccache. Point NXT_TGT to * it if successful. */ static krb5_error_code try_ccache(struct tr_state *ts, krb5_creds *tgtq) { krb5_error_code retval; TR_DBG(ts, "try_ccache"); retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, RETR_FLAGS, tgtq, ts->nxt_cc_tgt); if (!retval) { shift_cc_tgts(ts); ts->nxt_tgt = ts->cur_cc_tgt; } TR_DBG_RET(ts, "try_ccache", retval); return retval; }
/* * retr_local_tgt() * * Prime CUR_TGT with the cached TGT of the client's local realm. */ static krb5_error_code retr_local_tgt(struct tr_state *ts, krb5_principal client) { krb5_error_code retval; krb5_creds tgtq; memset(&tgtq, 0, sizeof(tgtq)); retval = tgt_mcred(ts->ctx, client, client, client, &tgtq); if (retval) return retval; /* Match realm, unlike other ccache retrievals here. */ retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, KRB5_TC_SUPPORTED_KTYPES, &tgtq, ts->nxt_cc_tgt); krb5_free_cred_contents(ts->ctx, &tgtq); if (!retval) { shift_cc_tgts(ts); ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt; } return retval; }