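/*
 * Store one v5 credential in the credential cache behind io_ccache.
 *
 * The CCAPI credential is converted with make_cred_from_ccred() and written
 * through heim_krb5_cc_store_cred().
 *
 * Returns:
 *   ccNoError                   the credential was stored
 *   ccErrBadParam               io_ccache, the union, its v5 payload or the
 *                               payload's client is NULL
 *   ccErrBadCredentialsVersion  the union does not carry v5 credentials
 *   ccErrInvalidCCache          the underlying store call failed
 */
static cc_int32
ccache_store_credentials(cc_ccache_t io_ccache,
                         const cc_credentials_union *in_credentials_union)
{
    struct cc_ccache *c = (struct cc_ccache *)io_ccache;
    krb5_error_code ret;
    krb5_creds hcred;

    LOG_ENTRY();

    /* c is dereferenced below, so reject a NULL handle up front. */
    if (c == NULL || in_credentials_union == NULL)
        return ccErrBadParam;
    if (in_credentials_union->version != cc_credentials_v5)
        return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");

    /*
     * The union comes from the API caller: check the v5 pointer itself
     * before reading its client member, otherwise a union with a valid
     * version tag and a NULL payload is dereferenced.
     */
    if (in_credentials_union->credentials.credentials_v5 == NULL ||
        in_credentials_union->credentials.credentials_v5->client == NULL)
        return ccErrBadParam;

    /*
     * The change timestamps are advanced before the store is attempted,
     * so they move even when the store below fails.
     */
    update_time(&c->change_time);
    update_time(&context_change_time);

    /* NOTE(review): no result of make_cred_from_ccred() is checked here. */
    make_cred_from_ccred(milcontext,
                         in_credentials_union->credentials.credentials_v5,
                         &hcred);

    ret = heim_krb5_cc_store_cred(milcontext, c->id, &hcred);

    /* hcred is a temporary copy; release it whether or not the store worked. */
    heim_krb5_free_cred_contents(milcontext, &hcred);
    if (ret)
        return LOG_FAILURE(ccErrInvalidCCache, "store cred");

    return ccNoError;
}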
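/*
 * Obtain initial credentials for inPrincipal with a password and store them
 * in a credential cache.
 *
 * inLoginOptions    optional; supplies the service name and the
 *                   get_init_creds options when non-NULL
 * inPassword        passed unchanged to heim_krb5_get_init_creds_password();
 *                   no prompter is supplied
 * outCredCacheName  optional; on success receives a strdup() copy of the
 *                   cache name. It is NULL on every failure path, and also
 *                   when strdup() itself fails (the function still reports
 *                   success in that case, so callers must check the pointer).
 *
 * Returns 0 on success, otherwise the krb5 error code of the failing step.
 */
KLStatus
KLAcquireNewInitialTicketsWithPassword(KLPrincipal inPrincipal,
                                       KLLoginOptions inLoginOptions,
                                       const char *inPassword,
                                       char **outCredCacheName)
{
    krb5_context context = mshim_ctx();
    krb5_error_code ret;
    /*
     * Must start as NULL: the cleanup at "out" tests this handle, and it is
     * reached when both cache lookups fail without a handle being produced.
     */
    krb5_ccache cache = NULL;
    krb5_creds creds;
    char *service = NULL;
    krb5_get_init_creds_opt *opt = NULL;

    LOG_ENTRY();

    /* Never hand back a stale pointer on a failure path. */
    if (outCredCacheName)
        *outCredCacheName = NULL;

    memset(&creds, 0, sizeof(creds));

    if (inLoginOptions) {
        service = inLoginOptions->service;
        opt = inLoginOptions->opt;
    }

    ret = heim_krb5_get_init_creds_password(context, &creds, inPrincipal,
                                            inPassword, NULL, NULL, 0,
                                            service, opt);
    if (ret)
        return ret;

    /* Reuse the cache already associated with this principal, else make one. */
    ret = heim_krb5_cc_cache_match(context, inPrincipal, &cache);
    if (ret)
        ret = heim_krb5_cc_new_unique(context, NULL, NULL, &cache);
    if (ret)
        goto out;

    ret = heim_krb5_cc_initialize(context, cache, creds.client);
    if (ret)
        goto out;

    ret = heim_krb5_cc_store_cred(context, cache, &creds);
    if (ret)
        goto out;

    if (outCredCacheName)
        *outCredCacheName = strdup(heim_krb5_cc_get_name(context, cache));

out:
    if (cache) {
        /*
         * On failure the cache is destroyed, not just closed. That includes
         * a pre-existing cache that heim_krb5_cc_cache_match() returned.
         */
        if (ret)
            krb5_cc_destroy((mit_krb5_context)context, (mit_krb5_ccache)cache);
        else
            heim_krb5_cc_close(context, cache);
    }
    /* creds holds the freshly issued ticket material; release it here. */
    heim_krb5_free_cred_contents(context, &creds);

    return ret;
}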
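/*
 * MIT-API entry point: get an initial ticket for cred->client with a
 * password and, when a cache is given, store the ticket in it.
 *
 * flags, addr, enctype and preauth are accepted for interface compatibility
 * but are not used by this implementation. *rep is set to NULL when rep is
 * non-NULL.
 *
 * Only cred->client is read; it is treated as a struct comb_principal and its
 * heim member is used as the client principal.
 * NOTE(review): *cred is never updated with the obtained ticket; confirm no
 * caller relies on the credentials being returned through it.
 *
 * Returns 0 on success, KRB5_PRINC_NOMATCH when cred or cred->client is
 * NULL, otherwise the error of the failing krb5 call (including a failure
 * to store into the cache).
 */
mit_krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_password(mit_krb5_context context,
                              mit_krb5_flags flags,
                              mit_krb5_address * const *addr,
                              mit_krb5_enctype *enctype,
                              mit_krb5_preauthtype *preauth,
                              const char *password,
                              mit_krb5_ccache cache,
                              mit_krb5_creds *cred,
                              mit_krb5_kdc_rep **rep)
{
    struct comb_principal *p;
    krb5_error_code ret;
    krb5_creds hcreds;

    LOG_ENTRY();

    if (rep)
        *rep = NULL;

    /* cred itself is caller supplied; check it before reading cred->client. */
    if (cred == NULL || cred->client == NULL)
        return KRB5_PRINC_NOMATCH;
    p = (struct comb_principal *)cred->client;

    memset(&hcreds, 0, sizeof(hcreds));

    ret = heim_krb5_get_init_creds_password(HC(context), &hcreds, p->heim,
                                            password, NULL, NULL, 0,
                                            NULL, NULL);
    if (ret)
        return ret;

    /*
     * Propagate a store failure. Reporting success here would tell the
     * caller a ticket is in the cache when nothing was written.
     */
    if (cache)
        ret = heim_krb5_cc_store_cred(HC(context), (krb5_ccache)cache,
                                      &hcreds);

    heim_krb5_free_cred_contents(HC(context), &hcreds);

    return ret;
}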
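/*
 * Renew the initial ticket held in the credential cache that matches a
 * principal, and replace the cache contents with the renewed ticket.
 *
 * inPrincipal       principal to renew for; when NULL the default principal
 *                   is looked up, and is owned and freed by this function
 * inLoginOptions    optional; may name a service other than the TGS and may
 *                   supply option flags
 * outPrincipal      optional; only ever set to NULL by this implementation
 * outCredCacheName  optional; only ever set to NULL by this implementation
 *
 * Returns 0 on success, otherwise the krb5 error code of the failing step.
 *
 * The cache is re-initialized before the renewed ticket is stored, so a
 * failure of the final store leaves the cache without the ticket that was
 * there before.
 */
KLStatus
KLRenewInitialTickets(KLPrincipal inPrincipal,
                      KLLoginOptions inLoginOptions,
                      KLPrincipal *outPrincipal,
                      char **outCredCacheName)
{
    krb5_context context = mshim_ctx();
    krb5_error_code ret;
    krb5_creds in, *cred = NULL;
    krb5_ccache id;
    krb5_kdc_flags flags;
    krb5_const_realm realm;
    krb5_principal principal = NULL;

    memset(&in, 0, sizeof(in));

    LOG_ENTRY();

    if (outPrincipal)
        *outPrincipal = NULL;
    if (outCredCacheName)
        *outCredCacheName = NULL;

    if (inPrincipal) {
        principal = inPrincipal;
    } else {
        ret = heim_krb5_get_default_principal(context, &principal);
        if (ret)
            return ret;
    }

    ret = heim_krb5_cc_cache_match(context, principal, &id);
    if (ret)
        goto out_principal;

    in.client = principal;

    realm = heim_krb5_principal_get_realm(context, in.client);

    if (inLoginOptions && inLoginOptions->service)
        ret = heim_krb5_make_principal(context, &in.server, realm,
                                       inLoginOptions->service, NULL);
    else
        ret = heim_krb5_make_principal(context, &in.server, realm,
                                       KRB5_TGS_NAME, realm, NULL);
    if (ret)
        goto out_cache;

    flags.i = 0;
    /* Login options may be present without an opt block; do not deref NULL. */
    if (inLoginOptions && inLoginOptions->opt)
        /*
         * NOTE(review): opt->flags is copied verbatim into the KDC-flags
         * word; confirm the two bit layouts are meant to agree.
         */
        flags.i = inLoginOptions->opt->flags;

    /* Pull out renewable from previous ticket */
    ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred);
    if (ret == 0 && cred) {
        flags.b.renewable = cred->flags.b.renewable;
        heim_krb5_free_creds(context, cred);
        cred = NULL;
    }

    flags.b.renew = 1;

    /*
     * in.client aliases `principal`, so the principal must stay alive until
     * the last use of in.client below. It is released at out_principal, not
     * here; freeing it earlier leaves in.client dangling for the two calls
     * that follow.
     */
    ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred);
    heim_krb5_free_principal(context, in.server);
    if (ret)
        goto out;

    ret = heim_krb5_cc_initialize(context, id, in.client);
    if (ret)
        goto out;

    ret = heim_krb5_cc_store_cred(context, id, cred);

out:
    if (cred)
        heim_krb5_free_creds(context, cred);
out_cache:
    heim_krb5_cc_close(context, id);
out_principal:
    /* Only the looked-up default principal is ours to free. */
    if (inPrincipal == NULL)
        heim_krb5_free_principal(context, principal);

    return ret;
}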