static cc_int32
ccache_set_principal(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal)
{
struct cc_ccache *c = (struct cc_ccache *)io_ccache;
krb5_error_code ret;
krb5_principal p;
LOG_ENTRY();
if (in_principal == NULL)
return ccErrBadParam;
if (in_credentials_version != cc_credentials_v5)
return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version");
update_time(&c->change_time);
update_time(&context_change_time);
ret = heim_krb5_parse_name(milcontext, in_principal, &p);
if (ret)
return LOG_FAILURE(ccErrBadParam, "parse name");
ret = heim_krb5_cc_initialize(milcontext, c->id, p);
heim_krb5_free_principal(milcontext, p);
if (ret)
return LOG_FAILURE(ccErrInvalidCCache, "init cache");
return ccNoError;
}
KLStatus
KLAcquireNewInitialTicketsWithPassword(KLPrincipal inPrincipal,
KLLoginOptions inLoginOptions,
const char *inPassword,
char **outCredCacheName)
{
krb5_context context = mshim_ctx();
krb5_error_code ret;
krb5_ccache cache;
krb5_creds creds;
char *service = NULL;
krb5_get_init_creds_opt *opt = NULL;
LOG_ENTRY();
if (inLoginOptions) {
service = inLoginOptions->service;
opt = inLoginOptions->opt;
}
ret = heim_krb5_get_init_creds_password(context, &creds,
inPrincipal, inPassword,
NULL, NULL, 0,
service,
opt);
if (ret)
return ret;
ret = heim_krb5_cc_cache_match(context, inPrincipal, &cache);
if (ret)
ret = heim_krb5_cc_new_unique(context, NULL, NULL, &cache);
if (ret)
goto out;
ret = heim_krb5_cc_initialize(context, cache, creds.client);
if(ret)
goto out;
ret = heim_krb5_cc_store_cred(context, cache, &creds);
if (ret)
goto out;
if (outCredCacheName)
*outCredCacheName = strdup(heim_krb5_cc_get_name(context, cache));
out:
if (cache) {
if (ret)
krb5_cc_destroy((mit_krb5_context)context, (mit_krb5_ccache)cache);
else
heim_krb5_cc_close(context, cache);
}
heim_krb5_free_cred_contents(context, &creds);
return ret;
}
static cc_int32
context_create_default_ccache(cc_context_t in_context,
cc_uint32 in_cred_vers,
const char *in_principal,
cc_ccache_t *out_ccache)
{
krb5_principal principal;
krb5_error_code ret;
struct cc_ccache *c;
krb5_ccache id;
LOG_ENTRY();
if (in_cred_vers != cc_credentials_v5)
return ccErrBadCredentialsVersion;
if (out_ccache == NULL || in_principal == NULL)
return ccErrBadParam;
*out_ccache = NULL;
update_time(&context_change_time);
ret = heim_krb5_cc_default(milcontext, &id);
if (ret)
return LOG_FAILURE(ret, "cc default");
ret = heim_krb5_parse_name(milcontext, in_principal, &principal);
if (ret) {
heim_krb5_cc_close(milcontext, id);
return LOG_FAILURE(ret, "parse name");
}
ret = heim_krb5_cc_initialize(milcontext, id, principal);
heim_krb5_free_principal(milcontext, principal);
if (ret) {
mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id);
return LOG_FAILURE(ret, "cc init");
}
c = (struct cc_ccache *)create_ccache(id);
update_time(&c->last_default_time);
*out_ccache = (cc_ccache_t)c;
return ccNoError;
}
static cc_int32
context_create_new_ccache(cc_context_t in_context,
cc_uint32 in_cred_vers,
const char *in_principal,
cc_ccache_t *out_ccache)
{
krb5_principal principal;
krb5_error_code ret;
krb5_ccache id;
LOG_ENTRY();
if (in_cred_vers != cc_credentials_v5)
return ccErrBadCredentialsVersion;
if (out_ccache == NULL || in_principal == NULL)
return ccErrBadParam;
update_time(&context_change_time);
ret = heim_krb5_parse_name(milcontext, in_principal, &principal);
if (ret)
return LOG_FAILURE(ret, "parse name");
ret = heim_krb5_cc_new_unique(milcontext, NULL, NULL, &id);
if (ret) {
heim_krb5_free_principal(milcontext, principal);
return LOG_FAILURE(ret, "new unique");
}
ret = heim_krb5_cc_initialize(milcontext, id, principal);
heim_krb5_free_principal(milcontext, principal);
if (ret) {
mit_krb5_cc_destroy((mit_krb5_context)milcontext, (mit_krb5_ccache)id);
return LOG_FAILURE(ret, "cc init");
}
*out_ccache = create_ccache(id);
return ccNoError;
}
KLStatus
KLRenewInitialTickets(KLPrincipal inPrincipal,
KLLoginOptions inLoginOptions,
KLPrincipal *outPrincipal,
char **outCredCacheName)
{
krb5_context context = mshim_ctx();
krb5_error_code ret;
krb5_creds in, *cred = NULL;
krb5_ccache id;
krb5_kdc_flags flags;
krb5_const_realm realm;
krb5_principal principal = NULL;
memset(&in, 0, sizeof(in));
LOG_ENTRY();
if (outPrincipal)
*outPrincipal = NULL;
if (outCredCacheName)
*outCredCacheName = NULL;
if (inPrincipal) {
principal = inPrincipal;
} else {
ret = heim_krb5_get_default_principal(context, &principal);
if (ret)
return ret;
}
ret = heim_krb5_cc_cache_match(context, principal, &id);
if (ret) {
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
return ret;
}
in.client = principal;
realm = heim_krb5_principal_get_realm(context, in.client);
if (inLoginOptions && inLoginOptions->service)
ret = heim_krb5_make_principal(context, &in.server, realm, inLoginOptions->service, NULL);
else
ret = heim_krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL);
if (ret) {
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
heim_krb5_cc_close(context, id);
return ret;
}
flags.i = 0;
if (inLoginOptions)
flags.i = inLoginOptions->opt->flags;
/* Pull out renewable from previous ticket */
ret = heim_krb5_get_credentials(context, KRB5_GC_CACHED, id, &in, &cred);
if (inPrincipal == NULL)
heim_krb5_free_principal(context, principal);
if (ret == 0 && cred) {
flags.b.renewable = cred->flags.b.renewable;
heim_krb5_free_creds (context, cred);
cred = NULL;
}
flags.b.renew = 1;
ret = heim_krb5_get_kdc_cred(context, id, flags, NULL, NULL, &in, &cred);
heim_krb5_free_principal(context, in.server);
if (ret)
goto out;
ret = heim_krb5_cc_initialize(context, id, in.client);
if (ret)
goto out;
ret = heim_krb5_cc_store_cred(context, id, cred);
out:
if (cred)
heim_krb5_free_creds (context, cred);
heim_krb5_cc_close(context, id);
return ret;
}
