3f3dcd9176
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2708 ec53bebd-3082-4978-b11e-865c3cabbd6b
237 lines
6.5 KiB
C
237 lines
6.5 KiB
C
/*
|
|
* Copyright (c) 1997 Kungliga Tekniska Högskolan
|
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by Kungliga Tekniska
|
|
* Högskolan and its contributors.
|
|
*
|
|
* 4. Neither the name of the Institute nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "krb5_locl.h"
|
|
|
|
RCSID("$Id$");
|
|
|
|
static krb5_error_code
|
|
init_cred (krb5_context context,
|
|
krb5_creds *cred,
|
|
krb5_principal client,
|
|
krb5_deltat start_time,
|
|
char *in_tkt_service,
|
|
krb5_get_init_creds_opt *options)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_realm *client_realm;
|
|
|
|
memset (cred, 0, sizeof(*cred));
|
|
|
|
if (start_time)
|
|
cred->times.starttime = time(NULL) + start_time;
|
|
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
|
|
cred->times.endtime = time(NULL) + options->tkt_life;
|
|
else
|
|
cred->times.endtime = 0;
|
|
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
|
|
cred->times.renew_till = time(NULL) + options->renew_life;
|
|
else
|
|
cred->times.renew_till = 0;
|
|
|
|
if (client)
|
|
cred->client = client;
|
|
else { /* XXX -> get_default_principal */
|
|
char *p;
|
|
|
|
p = getenv ("USER");
|
|
if (p) {
|
|
ret = krb5_parse_name (context, p, &cred->client);
|
|
if (ret)
|
|
goto out;
|
|
} else {
|
|
struct passwd *pw;
|
|
char *realm;
|
|
|
|
pw = getpwuid (getuid ());
|
|
if (pw == NULL) {
|
|
ret = ENOTTY; /* XXX */
|
|
goto out;
|
|
}
|
|
ret = krb5_get_default_realm (context, &realm);
|
|
if (ret)
|
|
goto out;
|
|
ret = krb5_build_principal (context, &cred->client,
|
|
strlen(realm), realm,
|
|
pw->pw_name, NULL);
|
|
free (realm);
|
|
if (ret)
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
client_realm = krb5_princ_realm (context, cred->client);
|
|
|
|
if (in_tkt_service) {
|
|
ret = krb5_parse_name (context, in_tkt_service, &cred->server);
|
|
if (ret)
|
|
goto out;
|
|
krb5_princ_set_realm (context, cred->server, client_realm);
|
|
} else {
|
|
ret = krb5_build_principal_ext (context,
|
|
&cred->server,
|
|
strlen(*client_realm),
|
|
*client_realm,
|
|
strlen("krbtgt"),
|
|
"krbtgt",
|
|
strlen(*client_realm),
|
|
*client_realm,
|
|
NULL);
|
|
if (ret)
|
|
goto out;
|
|
}
|
|
return 0;
|
|
|
|
out:
|
|
krb5_free_creds (context, cred);
|
|
return ret;
|
|
}
|
|
|
|
krb5_error_code
|
|
krb5_get_init_creds_password(krb5_context context,
|
|
krb5_creds *creds,
|
|
krb5_principal client,
|
|
char *password,
|
|
krb5_prompter_fct prompter,
|
|
void *data,
|
|
krb5_deltat start_time,
|
|
char *in_tkt_service,
|
|
krb5_get_init_creds_opt *options)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_kdc_flags flags;
|
|
krb5_addresses *addrs = NULL;
|
|
krb5_enctype *etypes = NULL;
|
|
krb5_preauthtype *pre_auth_types = NULL;
|
|
krb5_creds this_cred;
|
|
krb5_kdc_rep kdc_reply;
|
|
char buf[BUFSIZ];
|
|
krb5_data password_data;
|
|
|
|
ret = init_cred (context, &this_cred, client, start_time,
|
|
in_tkt_service, options);
|
|
if (ret)
|
|
return ret;
|
|
|
|
flags.i = 0;
|
|
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
|
|
flags.b.forwardable = 1;
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
|
|
flags.b.proxiable = 1;
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
|
|
flags.b.renewable = 1;
|
|
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)
|
|
addrs = options->address_list;
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
|
|
etypes = malloc((options->etype_list_length + 1)
|
|
* sizeof(krb5_enctype));
|
|
if (etypes == NULL) {
|
|
ret = ENOMEM;
|
|
goto out;
|
|
}
|
|
memcpy (etypes, options->etype_list,
|
|
options->etype_list_length * sizeof(krb5_enctype));
|
|
etypes[options->etype_list_length] = 0;
|
|
}
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
|
|
pre_auth_types = malloc((options->preauth_list_length + 1)
|
|
* sizeof(krb5_preauthtype));
|
|
if (pre_auth_types == NULL) {
|
|
ret = ENOMEM;
|
|
goto out;
|
|
}
|
|
memcpy (pre_auth_types, options->preauth_list,
|
|
options->preauth_list_length * sizeof(krb5_preauthtype));
|
|
pre_auth_types[options->preauth_list_length] = 0;
|
|
}
|
|
if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
|
|
; /* XXX */
|
|
|
|
if (password == NULL) {
|
|
krb5_prompt prompt;
|
|
char *p;
|
|
|
|
krb5_unparse_name (context, this_cred.client, &p);
|
|
asprintf (&prompt.prompt, "%s's Password: ", p);
|
|
free (p);
|
|
password_data.data = buf;
|
|
password_data.length = sizeof(buf);
|
|
prompt.hidden = 1;
|
|
prompt.reply = &password_data;
|
|
|
|
ret = (*prompter) (context, data, NULL, 1, &prompt);
|
|
if (ret) {
|
|
memset (buf, 0, sizeof(buf));
|
|
goto out;
|
|
}
|
|
password = password_data.data;
|
|
}
|
|
|
|
ret = krb5_get_in_cred (context,
|
|
flags.i,
|
|
addrs,
|
|
etypes,
|
|
pre_auth_types,
|
|
krb5_password_key_proc,
|
|
password,
|
|
NULL,
|
|
NULL,
|
|
&this_cred,
|
|
NULL /* &kdc_reply */);
|
|
memset (buf, 0, sizeof(buf));
|
|
if (ret)
|
|
goto out;
|
|
free (pre_auth_types);
|
|
free (etypes);
|
|
if (creds)
|
|
*creds = this_cred;
|
|
else
|
|
krb5_free_creds (context, &this_cred);
|
|
return 0;
|
|
|
|
out:
|
|
free (pre_auth_types);
|
|
free (etypes);
|
|
krb5_free_creds (context, &this_cred);
|
|
return ret;
|
|
}
|