new files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2708 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
236
lib/krb5/init_creds_pw.c
Normal file
236
lib/krb5/init_creds_pw.c
Normal file
@@ -0,0 +1,236 @@
|
||||
/*
|
||||
* Copyright (c) 1997 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Kungliga Tekniska
|
||||
* H<>gskolan and its contributors.
|
||||
*
|
||||
* 4. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id$");
|
||||
|
||||
static krb5_error_code
|
||||
init_cred (krb5_context context,
|
||||
krb5_creds *cred,
|
||||
krb5_principal client,
|
||||
krb5_deltat start_time,
|
||||
char *in_tkt_service,
|
||||
krb5_get_init_creds_opt *options)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_realm *client_realm;
|
||||
|
||||
memset (cred, 0, sizeof(*cred));
|
||||
|
||||
if (start_time)
|
||||
cred->times.starttime = time(NULL) + start_time;
|
||||
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
|
||||
cred->times.endtime = time(NULL) + options->tkt_life;
|
||||
else
|
||||
cred->times.endtime = 0;
|
||||
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
|
||||
cred->times.renew_till = time(NULL) + options->renew_life;
|
||||
else
|
||||
cred->times.renew_till = 0;
|
||||
|
||||
if (client)
|
||||
cred->client = client;
|
||||
else { /* XXX -> get_default_principal */
|
||||
char *p;
|
||||
|
||||
p = getenv ("USER");
|
||||
if (p) {
|
||||
ret = krb5_parse_name (context, p, &cred->client);
|
||||
if (ret)
|
||||
goto out;
|
||||
} else {
|
||||
struct passwd *pw;
|
||||
char *realm;
|
||||
|
||||
pw = getpwuid (getuid ());
|
||||
if (pw == NULL) {
|
||||
ret = ENOTTY; /* XXX */
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_get_default_realm (context, &realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
ret = krb5_build_principal (context, &cred->client,
|
||||
strlen(realm), realm,
|
||||
pw->pw_name, NULL);
|
||||
free (realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
client_realm = krb5_princ_realm (context, cred->client);
|
||||
|
||||
if (in_tkt_service) {
|
||||
ret = krb5_parse_name (context, in_tkt_service, &cred->server);
|
||||
if (ret)
|
||||
goto out;
|
||||
krb5_princ_set_realm (context, cred->server, client_realm);
|
||||
} else {
|
||||
ret = krb5_build_principal_ext (context,
|
||||
&cred->server,
|
||||
strlen(*client_realm),
|
||||
*client_realm,
|
||||
strlen("krbtgt"),
|
||||
"krbtgt",
|
||||
strlen(*client_realm),
|
||||
*client_realm,
|
||||
NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
return 0;
|
||||
|
||||
out:
|
||||
krb5_free_creds (context, cred);
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_get_init_creds_password(krb5_context context,
|
||||
krb5_creds *creds,
|
||||
krb5_principal client,
|
||||
char *password,
|
||||
krb5_prompter_fct prompter,
|
||||
void *data,
|
||||
krb5_deltat start_time,
|
||||
char *in_tkt_service,
|
||||
krb5_get_init_creds_opt *options)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_kdc_flags flags;
|
||||
krb5_addresses *addrs = NULL;
|
||||
krb5_enctype *etypes = NULL;
|
||||
krb5_preauthtype *pre_auth_types = NULL;
|
||||
krb5_creds this_cred;
|
||||
krb5_kdc_rep kdc_reply;
|
||||
char buf[BUFSIZ];
|
||||
krb5_data password_data;
|
||||
|
||||
ret = init_cred (context, &this_cred, client, start_time,
|
||||
in_tkt_service, options);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
flags.i = 0;
|
||||
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
|
||||
flags.b.forwardable = 1;
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
|
||||
flags.b.proxiable = 1;
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
|
||||
flags.b.renewable = 1;
|
||||
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)
|
||||
addrs = options->address_list;
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
|
||||
etypes = malloc((options->etype_list_length + 1)
|
||||
* sizeof(krb5_enctype));
|
||||
if (etypes == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
memcpy (etypes, options->etype_list,
|
||||
options->etype_list_length * sizeof(krb5_enctype));
|
||||
etypes[options->etype_list_length] = 0;
|
||||
}
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
|
||||
pre_auth_types = malloc((options->preauth_list_length + 1)
|
||||
* sizeof(krb5_preauthtype));
|
||||
if (pre_auth_types == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
memcpy (pre_auth_types, options->preauth_list,
|
||||
options->preauth_list_length * sizeof(krb5_preauthtype));
|
||||
pre_auth_types[options->preauth_list_length] = 0;
|
||||
}
|
||||
if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
|
||||
; /* XXX */
|
||||
|
||||
if (password == NULL) {
|
||||
krb5_prompt prompt;
|
||||
char *p;
|
||||
|
||||
krb5_unparse_name (context, this_cred.client, &p);
|
||||
asprintf (&prompt.prompt, "%s's Password: ", p);
|
||||
free (p);
|
||||
password_data.data = buf;
|
||||
password_data.length = sizeof(buf);
|
||||
prompt.hidden = 1;
|
||||
prompt.reply = &password_data;
|
||||
|
||||
ret = (*prompter) (context, data, NULL, 1, &prompt);
|
||||
if (ret) {
|
||||
memset (buf, 0, sizeof(buf));
|
||||
goto out;
|
||||
}
|
||||
password = password_data.data;
|
||||
}
|
||||
|
||||
ret = krb5_get_in_cred (context,
|
||||
flags.i,
|
||||
addrs,
|
||||
etypes,
|
||||
pre_auth_types,
|
||||
krb5_password_key_proc,
|
||||
password,
|
||||
NULL,
|
||||
NULL,
|
||||
&this_cred,
|
||||
NULL /* &kdc_reply */);
|
||||
memset (buf, 0, sizeof(buf));
|
||||
if (ret)
|
||||
goto out;
|
||||
free (pre_auth_types);
|
||||
free (etypes);
|
||||
if (creds)
|
||||
*creds = this_cred;
|
||||
else
|
||||
krb5_free_creds (context, &this_cred);
|
||||
return 0;
|
||||
|
||||
out:
|
||||
free (pre_auth_types);
|
||||
free (etypes);
|
||||
krb5_free_creds (context, &this_cred);
|
||||
return ret;
|
||||
}
|
||||
Reference in New Issue
Block a user