KLStatus KLLoginOptionsSetProxiable (KLLoginOptions ioOptions, KLBoolean inProxiable) { LOG_ENTRY(); heim_krb5_get_init_creds_opt_set_proxiable(ioOptions->opt, inProxiable); return klNoErr; }
void KRB5_CALLCONV krb5_get_init_creds_opt_set_preauth_list(mit_krb5_get_init_creds_opt *opt, mit_krb5_preauthtype *preauth_list, int preauth_list_length) { LOG_ENTRY(); }
void KRB5_CALLCONV krb5_get_init_creds_opt_free(mit_krb5_context context, mit_krb5_get_init_creds_opt *opt) { LOG_ENTRY(); free(opt); }
cc_int32 cc_iterator_next(cc_ccache_iterator_t in_ccache_iterator, cc_ccache_t *out_ccache) { struct cc_iter *c = (struct cc_iter *)in_ccache_iterator; krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (out_ccache == NULL) return ccErrBadParam; while (1) { const char *type; ret = mit_krb5_cccol_cursor_next((mit_krb5_context)milcontext, c->cursor, (mit_krb5_ccache *)&id); if (ret == KRB5_CC_END || id == NULL) return ccIteratorEnd; else if (ret) return LOG_FAILURE(ret, "ccol next cursor"); type = heim_krb5_cc_get_type(milcontext, id); if (strcmp(type, "API") == 0 || strcmp(type, "KCM") == 0) break; heim_krb5_cc_close(milcontext, id); } *out_ccache = create_ccache(id); return ccNoError; }
mit_krb5_error_code KRB5_CALLCONV krb5_c_string_to_key(mit_krb5_context context, mit_krb5_enctype enctype, const mit_krb5_data *string, const mit_krb5_data *salt, mit_krb5_keyblock *key) { krb5_data hstring; krb5_error_code ret; krb5_salt hsalt; krb5_keyblock hkey; LOG_ENTRY(); mshim_mdata2hdata(string, &hstring); hsalt.salttype = (krb5_salttype)KRB5_PADATA_PW_SALT; mshim_mdata2hdata(salt, &hsalt.saltvalue); ret = heim_krb5_string_to_key_data_salt(HC(context), enctype, hstring, hsalt, &hkey); heim_krb5_data_free(&hstring); heim_krb5_data_free(&hsalt.saltvalue); if (ret) return ret; mshim_hkeyblock2mkeyblock(&hkey, key); heim_krb5_free_keyblock_contents(HC(context), &hkey); return 0; }
static cc_int32 ccache_set_principal(cc_ccache_t io_ccache, cc_uint32 in_credentials_version, const char *in_principal) { struct cc_ccache *c = (struct cc_ccache *)io_ccache; krb5_error_code ret; krb5_principal p; LOG_ENTRY(); if (in_principal == NULL) return ccErrBadParam; if (in_credentials_version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); update_time(&c->change_time); update_time(&context_change_time); ret = heim_krb5_parse_name(milcontext, in_principal, &p); if (ret) return LOG_FAILURE(ccErrBadParam, "parse name"); ret = heim_krb5_cc_initialize(milcontext, c->id, p); heim_krb5_free_principal(milcontext, p); if (ret) return LOG_FAILURE(ccErrInvalidCCache, "init cache"); return ccNoError; }
static cc_int32 ccache_new_credentials_iterator(cc_ccache_t in_ccache, cc_credentials_iterator_t *out_credentials_iterator) { struct cc_ccache *c = (struct cc_ccache *)in_ccache; struct cred_iterator *ci; krb5_error_code ret; LOG_ENTRY(); if (c == NULL || c->id == NULL) return ccErrInvalidCCache; if (out_credentials_iterator == NULL) return ccErrBadParam; ci = calloc(1, sizeof(*c)); ci->iterator.functions = &cred_iter_functions; ci->id = c->id; ret = mit_krb5_cc_start_seq_get((mit_krb5_context)milcontext, (mit_krb5_ccache)c->id, (mit_krb5_cc_cursor *)&ci->cursor); if (ret) { free(ci); return LOG_FAILURE(ccErrInvalidCCache, "start seq"); } *out_credentials_iterator = (cc_credentials_iterator_t)ci; return ccNoError; }
void mshim_herror2merror(krb5_context context, const krb5_error *h, mit_krb5_error *m) { LOG_ENTRY(); memset(m, 0, sizeof(*m)); m->magic = MIT_KV5M_ERROR; if (h->ctime) m->ctime = *h->ctime; if (h->cusec) m->cusec = *h->cusec; m->stime = h->stime; m->susec = h->susec; #if 0 m->client = mshim_hprinc2mprinc(context, h->client); m->server = mshim_hprinc2mprinc(context, h->server); #endif m->error = h->error_code; if (h->e_text) { m->text.magic = MIT_KV5M_DATA; m->text.data = strdup(*(h->e_text)); m->text.length = strlen(*(h->e_text)); } if (h->e_data) mshim_hdata2mdata(h->e_data, &m->e_data); #if 0 krb5_principal client; /* client's principal identifier; optional */ krb5_principal server; /* server's principal identifier */ #endif }
void KRB5_CALLCONV mit_krb5_free_keyblock(mit_krb5_context context, mit_krb5_keyblock *keyblock) { LOG_ENTRY(); mit_krb5_free_keyblock_contents(context, keyblock); free(keyblock); }
KLStatus KLGetTripletFromPrincipal(KLPrincipal inPrincipal, char **outName, char **outInstance, char **outRealm) { LOG_ENTRY(); if (outName) *outName = NULL; if (outInstance) *outInstance = NULL; if (outRealm) *outInstance = NULL; if (inPrincipal == NULL) return klParameterErr; switch (inPrincipal->name.name_string.len) { case 2: if (outInstance) *outInstance = strdup(inPrincipal->name.name_string.val[1]); case 1: if (outName) *outName = strdup(inPrincipal->name.name_string.val[0]); break; default: return klInvalidOptionErr; } if (outRealm) *outRealm = strdup(inPrincipal->realm); return klNoErr; }
mit_krb5_error_code KRB5_CALLCONV krb5_unparse_name(mit_krb5_context context, mit_krb5_const_principal principal, char **str) { struct comb_principal *p = (struct comb_principal *)principal; LOG_ENTRY(); return heim_krb5_unparse_name((krb5_context)context, p->heim, str); }
KLStatus KLLoginOptionsSetTicketStartTime (KLLoginOptions ioOptions, KLTime inStartTime) { LOG_ENTRY(); return klNoErr; }
KLStatus KLLoginOptionsSetAddressless (KLLoginOptions ioOptions, KLBoolean inAddressless) { LOG_ENTRY(); return klNoErr; }
KLStatus KLLoginOptionsSetRenewableLifetime (KLLoginOptions ioOptions, KLLifetime inRenewableLifetime) { LOG_ENTRY(); heim_krb5_get_init_creds_opt_set_renew_life(ioOptions->opt, inRenewableLifetime); return klNoErr; }
cc_int32 cc_initialize(cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor) { LOG_ENTRY(); mshim_init_context(); update_time(&context_change_time); if (in_version < ccapi_version_3 || in_version > ccapi_version_7) return ccErrBadAPIVersion; if (out_context == NULL) return ccErrBadParam; *out_context = calloc(1, sizeof(**out_context)); (*out_context)->functions = &cc_functions; if (out_supported_version) *out_supported_version = ccapi_version_7; if (out_vendor) *out_vendor = "Apple Heimdal shim layer"; return 0; }
void KRB5_CALLCONV mit_krb5_free_data(mit_krb5_context context, mit_krb5_data *data) { LOG_ENTRY(); mit_krb5_free_data_contents(context, data); free(data); }
static cc_int32 ccache_get_principal(cc_ccache_t in_ccache, cc_uint32 in_credentials_version, cc_string_t *out_principal) { struct cc_ccache *c = (struct cc_ccache *)in_ccache; krb5_principal princ; krb5_error_code ret; char *name; LOG_ENTRY(); if (out_principal == NULL) return ccErrBadParam; if (in_credentials_version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); if (c->id == NULL) return ccErrInvalidCCache; ret = heim_krb5_cc_get_principal(milcontext, c->id, &princ); if (ret) return LOG_FAILURE(ret, "get principal"); ret = heim_krb5_unparse_name(milcontext, princ, &name); heim_krb5_free_principal(milcontext, princ); if (ret) return LOG_FAILURE(ret, "unparse name"); *out_principal = create_string(name); free(name); return ccNoError; }
void KRB5_CALLCONV mit_krb5_free_data_contents(mit_krb5_context context, mit_krb5_data *data) { LOG_ENTRY(); free(data->data); memset(data, 0, sizeof(*data)); }
static cc_int32 ccache_store_credentials(cc_ccache_t io_ccache, const cc_credentials_union *in_credentials_union) { struct cc_ccache *c = (struct cc_ccache *)io_ccache; krb5_error_code ret; krb5_creds hcred; LOG_ENTRY(); if (in_credentials_union == NULL) return ccErrBadParam; if (in_credentials_union->version != cc_credentials_v5) return LOG_FAILURE(ccErrBadCredentialsVersion, "wrong version"); if (in_credentials_union->credentials.credentials_v5->client == NULL) return ccErrBadParam; update_time(&c->change_time); update_time(&context_change_time); make_cred_from_ccred(milcontext, in_credentials_union->credentials.credentials_v5, &hcred); ret = heim_krb5_cc_store_cred(milcontext, c->id, &hcred); heim_krb5_free_cred_contents(milcontext, &hcred); if (ret) return LOG_FAILURE(ccErrInvalidCCache, "store cred"); return ccNoError; }
void KRB5_CALLCONV mit_krb5_free_creds(mit_krb5_context context, mit_krb5_creds *cred) { LOG_ENTRY(); mit_krb5_free_cred_contents(context, cred); free(cred); }
static cc_int32 ccache_compare(cc_ccache_t in_ccache, cc_ccache_t in_compare_to_ccache, cc_uint32 *out_equal) { struct cc_ccache *s1 = (struct cc_ccache *)in_ccache; struct cc_ccache *s2 = (struct cc_ccache *)in_compare_to_ccache; krb5_error_code ret; char *n1, *n2; LOG_ENTRY(); if (out_equal == NULL || s2 == NULL) return ccErrBadParam; if (s1 == s2) { *out_equal = 1; return ccNoError; } if (s1->id == NULL || s2->id == NULL) return ccErrInvalidCCache; ret = heim_krb5_cc_get_full_name(milcontext, s1->id, &n1); if (ret) return ccErrInvalidCCache; ret = heim_krb5_cc_get_full_name(milcontext, s2->id, &n2); if (ret) { free(n1); return ccErrInvalidCCache; } *out_equal = (strcmp(n1, n2) == 0); free(n1); free(n2); return ccNoError; }
mit_krb5_error_code KRB5_CALLCONV mit_krb5_os_localaddr(mit_krb5_context context, mit_krb5_address ***addresses) { mit_krb5_address **a; krb5_addresses addrs; krb5_error_code ret; unsigned i; LOG_ENTRY(); *addresses = NULL; addrs.len = 0; addrs.val = NULL; ret = heim_krb5_get_all_client_addrs(HC(context), &addrs); if (ret) return ret; a = calloc(addrs.len + 1, sizeof(a[0])); for (i = 0; i < addrs.len; i++) { a[i] = calloc(1, sizeof(mit_krb5_address)); a[i]->addrtype = addrs.val[i].addr_type; a[i]->length = addrs.val[i].address.length; a[i]->contents = mshim_malloc(addrs.val[i].address.length); memcpy(a[i]->contents, addrs.val[i].address.data, addrs.val[i].address.length); } a[i] = NULL; return 0; }
mit_krb5_error_code KRB5_CALLCONV krb5_set_default_tgs_enctypes(mit_krb5_context context, const mit_krb5_enctype *enc) { LOG_ENTRY(); return heim_krb5_set_default_in_tkt_etypes(HC(context), (krb5_enctype *)enc); }
mit_krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key(mit_krb5_context context, mit_krb5_pointer keyprocarg, mit_krb5_principal principal, mit_krb5_kvno vno, mit_krb5_enctype enctype, mit_krb5_keyblock **key) { mit_krb5_keytab keytab; mit_krb5_keytab_entry entry; mit_krb5_error_code ret; LOG_ENTRY(); if (keyprocarg) ret = krb5_kt_resolve (context, keyprocarg, &keytab); else ret = krb5_kt_default (context, &keytab); if (ret) return ret; ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry); krb5_kt_close (context, keytab); if (ret) return ret; ret = krb5_copy_keyblock (context, &entry.key, key); krb5_kt_free_entry(context, &entry); return ret; }
void KRB5_CALLCONV krb5_get_init_creds_opt_set_canonicalize(mit_krb5_get_init_creds_opt *opt, int canonicalize) { LOG_ENTRY(); opt->flags |= MIT_KRB5_GET_INIT_CREDS_OPT_CANONICALIZE; }
static cc_int32 context_open_default_ccache(cc_context_t in_context, cc_ccache_t *out_ccache) { krb5_error_code ret; krb5_ccache id; LOG_ENTRY(); if (out_ccache == NULL) return ccErrBadParam; ret = heim_krb5_cc_default(milcontext, &id); if (ret) return LOG_FAILURE(ret, "cc default"); if (!check_exists(id)) { heim_krb5_cc_close(milcontext, id); return ccErrCCacheNotFound; } *out_ccache = create_ccache(id); return ccNoError; }
mit_krb5_error_code KRB5_CALLCONV krb5_get_init_creds_keytab(mit_krb5_context context, mit_krb5_creds *creds, mit_krb5_principal client, mit_krb5_keytab arg_keytab, mit_krb5_deltat start_time, char *in_tkt_service, mit_krb5_get_init_creds_opt *mopt) { struct comb_principal *p = (struct comb_principal *)client; krb5_get_init_creds_opt *opt = NULL; krb5_error_code ret; krb5_creds hcreds; LOG_ENTRY(); opt = mshim_gic_opt(HC(context), mopt); memset(creds, 0, sizeof(*creds)); memset(&hcreds, 0, sizeof(hcreds)); ret = heim_krb5_get_init_creds_keytab(HC(context), &hcreds, p->heim, (krb5_keytab)arg_keytab, start_time, in_tkt_service, opt); if (opt) heim_krb5_get_init_creds_opt_free(HC(context), opt); if (ret) return ret; mshim_hcred2mcred(HC(context), &hcreds, creds); heim_krb5_free_cred_contents(HC(context), &hcreds); return ret; }
static cc_int32 context_new_ccache_iterator(cc_context_t in_context, cc_ccache_iterator_t *out_iterator) { krb5_error_code ret; struct cc_iter *c; LOG_ENTRY(); if (out_iterator == NULL) return ccErrBadParam; c = calloc(1, sizeof(*c)); c->iterator.functions = &ccache_iterator_functions; ret = mit_krb5_cccol_cursor_new((mit_krb5_context)milcontext, &c->cursor); if (ret) { free(c); return ccErrNoMem; } *out_iterator = (cc_ccache_iterator_t)c; return ccNoError; }
KLStatus KLLoginOptionsSetTicketLifetime (KLLoginOptions ioOptions, KLLifetime inTicketLifetime) { LOG_ENTRY(); heim_krb5_get_init_creds_opt_set_tkt_life(ioOptions->opt, inTicketLifetime); return klNoErr; }
void KRB5_CALLCONV krb5_get_init_creds_opt_set_forwardable(mit_krb5_get_init_creds_opt *opt, int forwardable) { LOG_ENTRY(); opt->flags |= MIT_KRB5_GET_INIT_CREDS_OPT_FORWARDABLE; opt->forwardable = forwardable; }