2 * lib/krb5/krb/get_creds.c
4 * Copyright 1990 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. M.I.T. makes no representations about the suitability of
20 * this software for any purpose. It is provided "as is" without express
21 * or implied warranty.
24 * krb5_get_credentials()
30 Attempts to use the credentials cache or TGS exchange to get an additional
32 client identified by in_creds->client, the server identified by
33 in_creds->server, with options options, expiration date specified in
34 in_creds->times.endtime (0 means as long as possible), session key type
35 specified in in_creds->keyblock.enctype (if non-zero)
37 Any returned ticket and intermediate ticket-granting tickets are
40 returns errors from encryption routines, system errors
45 krb5_error_code INTERFACE
46 krb5_get_credentials(context, options, ccache, in_creds, out_creds)
48 const krb5_flags options;
51 krb5_creds **out_creds;
53 krb5_error_code retval, rv2;
59 if (!in_creds || !in_creds->server || !in_creds->client)
62 memset((char *)&mcreds, 0, sizeof(krb5_creds));
63 mcreds.magic = KV5M_CREDS;
64 mcreds.times.endtime = in_creds->times.endtime;
65 #ifdef HAVE_C_STRUCTURE_ASSIGNMENT
66 mcreds.keyblock = in_creds->keyblock;
68 memcpy(&mcreds.keyblock, &in_creds->keyblock, sizeof(krb5_keyblock));
70 mcreds.authdata = in_creds->authdata;
71 mcreds.server = in_creds->server;
72 mcreds.client = in_creds->client;
74 fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
75 | KRB5_TC_MATCH_AUTHDATA ;
76 if (mcreds.keyblock.enctype)
77 fields |= KRB5_TC_MATCH_KTYPE;
78 if (options & KRB5_GC_USER_USER) {
79 /* also match on identical 2nd tkt and tkt encrypted in a
81 fields |= KRB5_TC_MATCH_2ND_TKT|KRB5_TC_MATCH_IS_SKEY;
82 mcreds.is_skey = TRUE;
83 mcreds.second_ticket = in_creds->second_ticket;
84 if (!in_creds->second_ticket.length)
85 return KRB5_NO_2ND_TKT;
88 if ((ncreds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL)
91 memset((char *)ncreds, 0, sizeof(krb5_creds));
92 ncreds->magic = KV5M_CREDS;
94 /* The caller is now responsible for cleaning up in_creds */
95 if ((retval = krb5_cc_retrieve_cred(context, ccache, fields, &mcreds,
103 if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
106 retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
110 if ((rv2 = krb5_cc_store_cred(context, ccache, tgts[i]))) {
116 krb5_free_tgt_creds(context, tgts);
119 retval = krb5_cc_store_cred(context, ccache, *out_creds);