BOOL Leash_ms2mit(BOOL save_creds) { #ifdef NO_KRB5 return(FALSE); #else /* NO_KRB5 */ krb5_context kcontext = 0; krb5_error_code code; krb5_ccache ccache=0; krb5_ccache mslsa_ccache=0; krb5_creds creds; krb5_cc_cursor cursor=0; krb5_principal princ = 0; BOOL rc = FALSE; if ( !pkrb5_init_context ) goto cleanup; if (code = pkrb5_init_context(&kcontext)) goto cleanup; if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) goto cleanup; if ( save_creds ) { if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) goto cleanup; if (code = pkrb5_cc_default(kcontext, &ccache)) goto cleanup; if (code = pkrb5_cc_initialize(kcontext, ccache, princ)) goto cleanup; if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) goto cleanup; rc = TRUE; } else { /* Enumerate tickets from cache looking for an initial ticket */ if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) goto cleanup; while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds))) { if ( creds.ticket_flags & TKT_FLG_INITIAL ) { rc = TRUE; pkrb5_free_cred_contents(kcontext, &creds); break; } pkrb5_free_cred_contents(kcontext, &creds); } pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor); } cleanup: if (princ) pkrb5_free_principal(kcontext, princ); if (ccache) pkrb5_cc_close(kcontext, ccache); if (mslsa_ccache) pkrb5_cc_close(kcontext, mslsa_ccache); if (kcontext) pkrb5_free_context(kcontext); return(rc); #endif /* NO_KRB5 */ }
int do_ccache(krb5_context ctx, krb5_ccache cache, TICKETINFO ***ticketInfoTail) { krb5_cc_cursor cur; krb5_creds creds; krb5_principal princ = NULL; krb5_flags flags; krb5_error_code code; char *defname = NULL; char *functionName = NULL; TicketList **ticketListTail; TICKETINFO *ticketinfo; flags = 0; /* turns off OPENCLOSE mode */ code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) { functionName = "krb5_cc_set_flags"; goto cleanup; } code = pkrb5_cc_get_principal(ctx, cache, &princ); if (code) { functionName = "krb5_cc_get_principal"; goto cleanup; } code = pkrb5_unparse_name(ctx, princ, &defname); if (code) { functionName = "krb5_unparse_name"; goto cleanup; } code = pkrb5_cc_start_seq_get(ctx, cache, &cur); if (code) { functionName = "krb5_cc_start_seq_get"; goto cleanup; } ticketinfo = calloc(1, sizeof(TICKETINFO)); if (ticketinfo == NULL) { functionName = "calloc"; code = ENOMEM; goto cleanup; } ticketinfo->next = NULL; ticketinfo->ticket_list = NULL; ticketinfo->principal = strdup(defname); if (ticketinfo->principal == NULL) { functionName = "strdup"; code = ENOMEM; goto cleanup; } ticketinfo->ccache_name = strdup(pkrb5_cc_get_name(ctx, cache)); if (ticketinfo->ccache_name == NULL) { functionName = "strdup"; code = ENOMEM; goto cleanup; } **ticketInfoTail = ticketinfo; *ticketInfoTail = &ticketinfo->next; ticketListTail = &ticketinfo->ticket_list; while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) { if (pkrb5_is_config_principal(ctx, creds.server)) continue; CredToTicketList(ctx, creds, defname, &ticketListTail); CredToTicketInfo(creds, ticketinfo); pkrb5_free_cred_contents(ctx, &creds); } if (code == KRB5_CC_END) { code = pkrb5_cc_end_seq_get(ctx, cache, &cur); if (code) { functionName = "krb5_cc_end_seq_get"; goto cleanup; } flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ code = pkrb5_cc_set_flags(ctx, cache, flags); if (code) { functionName = "krb5_cc_set_flags"; goto cleanup; } } else { functionName = "krb5_cc_next_cred"; goto cleanup; } cleanup: if (code) { Leash_krb5_error(code, functionName, 0, NULL, NULL); } if (princ) pkrb5_free_principal(ctx, princ); if (defname) pkrb5_free_unparsed_name(ctx, defname); return code ? 1 : 0; }
khm_int32 KHMAPI khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, khm_handle ident, krb5_timestamp * pexpiration) { krb5_principal principal = 0; char * princ_name = NULL; krb5_creds creds; krb5_error_code code; krb5_error_code cc_code; krb5_cc_cursor cur; krb5_timestamp now, expiration = 0; wchar_t w_ident_name[KCDB_IDENT_MAXCCH_NAME]; char ident_name[KCDB_IDENT_MAXCCH_NAME]; khm_size cb; khm_int32 rv = KHM_ERROR_NOT_FOUND; if (!ctx || !cc || !ident || !pexpiration) return KHM_ERROR_GENERAL; code = pkrb5_cc_get_principal(ctx, cc, &principal); if ( code ) return KHM_ERROR_INVALID_PARAM; cb = sizeof(w_ident_name); kcdb_identity_get_name(ident, w_ident_name, &cb); UnicodeStrToAnsi(ident_name, sizeof(ident_name), w_ident_name); code = pkrb5_unparse_name(ctx, principal, &princ_name); /* compare principal to ident. */ if ( code || !princ_name || strcmp(princ_name, ident_name) ) { if (princ_name) pkrb5_free_unparsed_name(ctx, princ_name); pkrb5_free_principal(ctx, principal); return KHM_ERROR_UNKNOWN; } pkrb5_free_unparsed_name(ctx, princ_name); pkrb5_free_principal(ctx, principal); code = pkrb5_timeofday(ctx, &now); if (code) return KHM_ERROR_UNKNOWN; cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur); while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) { krb5_data * c0 = krb5_princ_name(ctx, creds.server); krb5_data * c1 = krb5_princ_component(ctx, creds.server, 1); krb5_data * r = krb5_princ_realm(ctx, creds.server); if ( c0 && c1 && r && c1->length == r->length && !strncmp(c1->data,r->data,r->length) && !strncmp("krbtgt",c0->data,c0->length) ) { /* we have a TGT, check for the expiration time. * if it is valid and renewable, use the renew time */ if (!(creds.ticket_flags & TKT_FLG_INVALID) && creds.times.starttime < (now + TIMET_TOLERANCE) && (creds.times.endtime + TIMET_TOLERANCE) > now) { expiration = creds.times.endtime; if ((creds.ticket_flags & TKT_FLG_RENEWABLE) && (creds.times.renew_till > creds.times.endtime)) { expiration = creds.times.renew_till; } } } } if (cc_code == KRB5_CC_END) { cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur); rv = KHM_ERROR_SUCCESS; *pexpiration = expiration; } return rv; }