/* Return 0 if cache is accessible, present, and unexpired; return 1 if not. */ static int check_ccache(krb5_ccache cache) { krb5_error_code ret; krb5_cc_cursor cur; krb5_creds creds; krb5_principal princ; krb5_boolean found_tgt, found_current_tgt, found_current_cred; if (krb5_cc_get_principal(context, cache, &princ) != 0) return 1; if (krb5_cc_start_seq_get(context, cache, &cur) != 0) return 1; found_tgt = found_current_tgt = found_current_cred = FALSE; while ((ret = krb5_cc_next_cred(context, cache, &cur, &creds)) == 0) { if (is_local_tgt(creds.server, &princ->realm)) { found_tgt = TRUE; if (ts_after(creds.times.endtime, now)) found_current_tgt = TRUE; } else if (!krb5_is_config_principal(context, creds.server) && ts_after(creds.times.endtime, now)) { found_current_cred = TRUE; } krb5_free_cred_contents(context, &creds); } krb5_free_principal(context, princ); if (ret != KRB5_CC_END) return 1; if (krb5_cc_end_seq_get(context, cache, &cur) != 0) return 1; /* If the cache contains at least one local TGT, require that it be * current. Otherwise accept any current cred. */ if (found_tgt) return found_current_tgt ? 0 : 1; return found_current_cred ? 0 : 1; }
int main(int argc, char *argv[]) { krb5_context kcontext = NULL; krb5_error_code code; krb5_ccache ccache=NULL; krb5_ccache mslsa_ccache=NULL; krb5_cc_cursor cursor; krb5_creds creds; krb5_principal princ = NULL; int found_tgt = 0; int has_tickets; int option; char * ccachestr = 0; prog = strrchr(argv[0], '/'); prog = prog ? (prog + 1) : argv[0]; while ((option = getopt(argc, argv, "c:h")) != -1) { switch (option) { case 'c': ccachestr = optarg; break; case 'h': default: xusage(); break; } } if (code = krb5_init_context(&kcontext)) { com_err(argv[0], code, "while initializing kerberos library"); goto cleanup; } if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) { com_err(argv[0], code, "while opening MS LSA ccache"); goto cleanup; } /* Enumerate tickets from cache looking for a TGT */ if ((code = krb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) { com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache"); goto cleanup; } while (!found_tgt) { code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds); if (code) break; /* Check if the ticket is a TGT */ if (is_local_tgt(creds.server)) found_tgt = 1; krb5_free_cred_contents(kcontext, &creds); } krb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor); if (!found_tgt) { fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MS LSA\n", argv[0]); /* Only set the LSA cache as the default if it actually has tickets. */ code = cc_has_tickets(kcontext, mslsa_ccache, &has_tickets); if (code) goto cleanup; if (has_tickets) code = krb5int_cc_user_set_default_name(kcontext, "MSLSA:"); goto cleanup; } if (code = krb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) { com_err(argv[0], code, "while obtaining MS LSA principal"); goto cleanup; } if (ccachestr) code = krb5_cc_resolve(kcontext, ccachestr, &ccache); else code = krb5_cc_resolve(kcontext, "API:", &ccache); if (code) { com_err(argv[0], code, "while getting default ccache"); goto cleanup; } if (code = krb5_cc_initialize(kcontext, ccache, princ)) { com_err (argv[0], code, "when initializing ccache"); goto cleanup; } if (code = krb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) { com_err (argv[0], code, "while copying MS LSA ccache to default ccache"); goto cleanup; } /* Don't try and set the default cache if the cache name was specified. */ if (ccachestr == NULL) { /* On success set the default cache to API. */ code = krb5int_cc_user_set_default_name(kcontext, "API:"); if (code) { com_err(argv[0], code, "when setting default to API"); goto cleanup; } } cleanup: krb5_free_principal(kcontext, princ); if (ccache != NULL) krb5_cc_close(kcontext, ccache); if (mslsa_ccache != NULL) krb5_cc_close(kcontext, mslsa_ccache); krb5_free_context(kcontext); return code ? 1 : 0; }