static krb5_error_code KRB5_CALLCONV
acc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
krb5_acc *a = ACACHE(id);
cc_credentials_union cred;
cc_credentials_v5_t v5cred;
krb5_error_code ret;
cc_int32 error;
if (a->ccache == NULL) {
krb5_set_error_message(context, KRB5_CC_NOTFOUND,
N_("No API credential found", ""));
return KRB5_CC_NOTFOUND;
}
cred.version = cc_credentials_v5;
cred.credentials.credentials_v5 = &v5cred;
ret = make_ccred_from_cred(context,
creds,
&v5cred);
if (ret)
return ret;
error = (*a->ccache->func->store_credentials)(a->ccache, &cred);
if (error)
ret = translate_cc_error(context, error);
free_ccred(&v5cred);
return ret;
}
static krb5_error_code
make_ccred_from_cred(krb5_context context,
const krb5_creds *incred,
cc_credentials_v5_t *cred)
{
krb5_error_code ret;
int i;
memset(cred, 0, sizeof(*cred));
ret = heim_krb5_unparse_name(context, incred->client, &cred->client);
if (ret)
goto fail;
ret = heim_krb5_unparse_name(context, incred->server, &cred->server);
if (ret)
goto fail;
cred->keyblock.type = incred->session.keytype;
cred->keyblock.length = incred->session.keyvalue.length;
cred->keyblock.data = incred->session.keyvalue.data;
cred->authtime = incred->times.authtime;
cred->starttime = incred->times.starttime;
cred->endtime = incred->times.endtime;
cred->renew_till = incred->times.renew_till;
cred->ticket.length = incred->ticket.length;
cred->ticket.data = incred->ticket.data;
cred->second_ticket.length = incred->second_ticket.length;
cred->second_ticket.data = incred->second_ticket.data;
/* XXX this one should also be filled in */
cred->authdata = NULL;
cred->addresses = calloc(incred->addresses.len + 1,
sizeof(cred->addresses[0]));
if (cred->addresses == NULL) {
ret = ENOMEM;
goto fail;
}
for (i = 0; i < incred->addresses.len; i++) {
cc_data *addr;
addr = malloc(sizeof(*addr));
if (addr == NULL) {
ret = ENOMEM;
goto fail;
}
addr->type = incred->addresses.val[i].addr_type;
addr->length = incred->addresses.val[i].address.length;
addr->data = malloc(addr->length);
if (addr->data == NULL) {
free(addr);
ret = ENOMEM;
goto fail;
}
memcpy(addr->data, incred->addresses.val[i].address.data,
addr->length);
cred->addresses[i] = addr;
}
cred->addresses[i] = NULL;
cred->ticket_flags = 0;
if (incred->flags.b.forwardable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
if (incred->flags.b.forwarded)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
if (incred->flags.b.proxiable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
if (incred->flags.b.proxy)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
if (incred->flags.b.may_postdate)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
if (incred->flags.b.postdated)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
if (incred->flags.b.invalid)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
if (incred->flags.b.renewable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
if (incred->flags.b.initial)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
if (incred->flags.b.pre_authent)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
if (incred->flags.b.hw_authent)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
if (incred->flags.b.transited_policy_checked)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
if (incred->flags.b.ok_as_delegate)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
if (incred->flags.b.anonymous)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
return 0;
fail:
free_ccred(cred);
mit_krb5_clear_error_message((mit_krb5_context)context);
return ret;
}
