static cc_int32
ccache_store_credentials(cc_ccache_t io_ccache, const cc_credentials_union *in_credentials_union)
{
struct cc_ccache *c = (struct cc_ccache *)io_ccache;
krb5_error_code ret;
krb5_creds hcred;
LOG_ENTRY();
if (in_credentials_union == NULL)
return ccErrBadParam;
if (in_credentials_union->version != cc_credentials_v5)
return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");
if (in_credentials_union->credentials.credentials_v5->client == NULL)
return ccErrBadParam;
update_time(&c->change_time);
update_time(&context_change_time);
make_cred_from_ccred(milcontext, in_credentials_union->credentials.credentials_v5, &hcred);
ret = heim_krb5_cc_store_cred(milcontext, c->id, &hcred);
heim_krb5_free_cred_contents(milcontext, &hcred);
if (ret)
return LOG_FAILURE(ccErrInvalidCCache, "store cred");
return ccNoError;
}
KLStatus
KLAcquireNewInitialTicketsWithPassword(KLPrincipal inPrincipal,
KLLoginOptions inLoginOptions,
const char *inPassword,
char **outCredCacheName)
{
krb5_context context = mshim_ctx();
krb5_error_code ret;
krb5_ccache cache;
krb5_creds creds;
char *service = NULL;
krb5_get_init_creds_opt *opt = NULL;
LOG_ENTRY();
if (inLoginOptions) {
service = inLoginOptions->service;
opt = inLoginOptions->opt;
}
ret = heim_krb5_get_init_creds_password(context, &creds,
inPrincipal, inPassword,
NULL, NULL, 0,
service,
opt);
if (ret)
return ret;
ret = heim_krb5_cc_cache_match(context, inPrincipal, &cache);
if (ret)
ret = heim_krb5_cc_new_unique(context, NULL, NULL, &cache);
if (ret)
goto out;
ret = heim_krb5_cc_initialize(context, cache, creds.client);
if(ret)
goto out;
ret = heim_krb5_cc_store_cred(context, cache, &creds);
if (ret)
goto out;
if (outCredCacheName)
*outCredCacheName = strdup(heim_krb5_cc_get_name(context, cache));
out:
if (cache) {
if (ret)
krb5_cc_destroy((mit_krb5_context)context, (mit_krb5_ccache)cache);
else
heim_krb5_cc_close(context, cache);
}
heim_krb5_free_cred_contents(context, &creds);
return ret;
}
mit_krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_password(mit_krb5_context context,
mit_krb5_flags flags,
mit_krb5_address * const *addr,
mit_krb5_enctype *enctype,
mit_krb5_preauthtype *preauth,
const char *password,
mit_krb5_ccache cache,
mit_krb5_creds *cred,
mit_krb5_kdc_rep **rep)
{
struct comb_principal *p;
krb5_error_code ret;
krb5_creds hcreds;
LOG_ENTRY();
if (rep)
*rep = NULL;
if (cred->client)
p = (struct comb_principal *)cred->client;
else
return KRB5_PRINC_NOMATCH;
memset(&hcreds, 0, sizeof(hcreds));
ret = heim_krb5_get_init_creds_password(HC(context), &hcreds, p->heim, password,
NULL, NULL, 0, NULL, NULL);
if (ret)
return ret;
if (cache)
heim_krb5_cc_store_cred(HC(context), (krb5_ccache)cache, &hcreds);
heim_krb5_free_cred_contents(HC(context), &hcreds);
return 0;
}
KLStatus
KLRenewInitialTickets(KLPrincipal inPrincipal,
KLLoginOptions inLoginOptions,
KLPrincipal *outPrincipal,
char **outCredCacheName)
{
krb5_context context = mshim_ctx();
krb5_error_code ret;
krb5_creds in, *cred = NULL;
krb5_ccache id;
krb5_kdc_flags flags;
krb5_const_realm realm;
krb5_principal principal = NULL;
memset(&in, 0, sizeof(in));
LOG_ENTRY();
if (outPrincipal)
*outPrincipal = NULL;
if (outCredCacheName)
*outCredCacheName = NULL;
if (inPrincipal) {
principal = inPrincipal;
} else {
ret = heim_krb5_get_default_principal(context, &principal);
if (ret)
return ret;
}
ret = heim_krb5_cc_cache_match(context, principal, &id);
if (ret) {
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
return ret;
}
in.client = principal;
realm = heim_krb5_principal_get_realm(context, in.client);
if (inLoginOptions && inLoginOptions->service)
ret = heim_krb5_make_principal(context, &in.server, realm, inLoginOptions->service, NULL);
else
ret = heim_krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL);
if (ret) {
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
heim_krb5_cc_close(context, id);
return ret;
}
flags.i = 0;
if (inLoginOptions)
flags.i = inLoginOptions->opt->flags;
/* Pull out renewable from previous ticket */
ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred);
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
if (ret == 0 && cred) {
flags.b.renewable = cred->flags.b.renewable;
heim_krb5_free_creds (context, cred);
cred = NULL;
}
flags.b.renew = 1;
ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred);
heim_krb5_free_principal(context, in.server);
if (ret)
goto out;
ret = heim_krb5_cc_initialize(context, id, in.client);
if (ret)
goto out;
ret = heim_krb5_cc_store_cred(context, id, cred);
out:
if (cred)
heim_krb5_free_creds (context, cred);
heim_krb5_cc_close(context, id);
return ret;
}
