2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
39 * Add a new ccache type with operations `ops', overwriting any
40 * existing one if `override'.
42 * @param context a Keberos context
43 * @param ops type of plugin symbol
44 * @param override flag to select if the registration is to overide
45 * an existing ops with the same name.
47 * @return Return an error code or 0.
49 * @ingroup krb5_ccache
52 krb5_error_code KRB5_LIB_FUNCTION
53 krb5_cc_register(krb5_context context,
54 const krb5_cc_ops *ops,
55 krb5_boolean override)
59 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
60 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
62 krb5_set_error_message(context,
64 "ccache type %s already exists",
66 return KRB5_CC_TYPE_EXISTS;
71 if(i == context->num_cc_ops) {
72 krb5_cc_ops *o = realloc(context->cc_ops,
73 (context->num_cc_ops + 1) *
74 sizeof(*context->cc_ops));
76 krb5_set_error_message(context, KRB5_CC_NOMEM,
77 "malloc: out of memory");
80 context->num_cc_ops++;
82 memset(context->cc_ops + i, 0,
83 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
85 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
90 * Allocate the memory for a `id' and the that function table to
91 * `ops'. Returns 0 or and error code.
95 _krb5_cc_allocate(krb5_context context,
96 const krb5_cc_ops *ops,
101 p = malloc (sizeof(*p));
103 krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory");
104 return KRB5_CC_NOMEM;
113 * Allocate memory for a new ccache in `id' with operations `ops'
114 * and name `residual'. Return 0 or an error code.
117 static krb5_error_code
118 allocate_ccache (krb5_context context,
119 const krb5_cc_ops *ops,
120 const char *residual,
125 ret = _krb5_cc_allocate(context, ops, id);
128 ret = (*id)->ops->resolve(context, id, residual);
135 * Find and allocate a ccache in `id' from the specification in `residual'.
136 * If the ccache name doesn't contain any colon, interpret it as a file name.
138 * @param context a Keberos context.
139 * @param name string name of a credential cache.
140 * @param id return pointer to a found credential cache.
142 * @return Return 0 or an error code. In case of an error, id is set
145 * @ingroup krb5_ccache
149 krb5_error_code KRB5_LIB_FUNCTION
150 krb5_cc_resolve(krb5_context context,
158 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
159 size_t prefix_len = strlen(context->cc_ops[i].prefix);
161 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
162 && name[prefix_len] == ':') {
163 return allocate_ccache (context, &context->cc_ops[i],
164 name + prefix_len + 1,
168 if (strchr (name, ':') == NULL)
169 return allocate_ccache (context, &krb5_fcc_ops, name, id);
171 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
172 "unknown ccache type %s", name);
173 return KRB5_CC_UNKNOWN_TYPE;
178 * Generate a new ccache of type `ops' in `id'.
180 * @return Return 0 or an error code.
182 * @ingroup krb5_ccache
186 krb5_error_code KRB5_LIB_FUNCTION
187 krb5_cc_gen_new(krb5_context context,
188 const krb5_cc_ops *ops,
191 return krb5_cc_new_unique(context, ops->prefix, NULL, id);
195 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
196 * the library chooses the default credential cache type. The supplied
197 * `hint' (that can be NULL) is a string that the credential cache
198 * type can use to base the name of the credential on, this is to make
199 * it easier for the user to differentiate the credentials.
201 * @return Returns 0 or an error code.
203 * @ingroup krb5_ccache
206 krb5_error_code KRB5_LIB_FUNCTION
207 krb5_cc_new_unique(krb5_context context, const char *type,
208 const char *hint, krb5_ccache *id)
210 const krb5_cc_ops *ops;
213 ops = krb5_cc_get_prefix_ops(context, type);
215 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
216 "Credential cache type %s is unknown", type);
217 return KRB5_CC_UNKNOWN_TYPE;
220 ret = _krb5_cc_allocate(context, ops, id);
223 return (*id)->ops->gen_new(context, id);
227 * Return the name of the ccache `id'
229 * @ingroup krb5_ccache
233 const char* KRB5_LIB_FUNCTION
234 krb5_cc_get_name(krb5_context context,
237 return id->ops->get_name(context, id);
241 * Return the type of the ccache `id'.
243 * @ingroup krb5_ccache
247 const char* KRB5_LIB_FUNCTION
248 krb5_cc_get_type(krb5_context context,
251 return id->ops->prefix;
255 * Return the complete resolvable name the ccache `id' in `str´.
256 * `str` should be freed with free(3).
257 * Returns 0 or an error (and then *str is set to NULL).
259 * @ingroup krb5_ccache
263 krb5_error_code KRB5_LIB_FUNCTION
264 krb5_cc_get_full_name(krb5_context context,
268 const char *type, *name;
272 type = krb5_cc_get_type(context, id);
274 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
275 "cache have no name of type");
276 return KRB5_CC_UNKNOWN_TYPE;
279 name = krb5_cc_get_name(context, id);
281 krb5_set_error_message(context, KRB5_CC_BADNAME,
282 "cache of type %s have no name", type);
283 return KRB5_CC_BADNAME;
286 if (asprintf(str, "%s:%s", type, name) == -1) {
287 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
295 * Return krb5_cc_ops of a the ccache `id'.
297 * @ingroup krb5_ccache
302 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
308 * Expand variables in `str' into `res'
312 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
314 size_t tlen, len = 0;
315 char *tmp, *tmp2, *append;
319 while (str && *str) {
320 tmp = strstr(str, "%{");
321 if (tmp && tmp != str) {
322 append = malloc((tmp - str) + 1);
324 memcpy(append, str, tmp - str);
325 append[tmp - str] = '\0';
329 tmp2 = strchr(tmp, '}');
333 krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
334 "variable missing }");
335 return KRB5_CONFIG_BADFORMAT;
337 if (strncasecmp(tmp, "%{uid}", 6) == 0)
338 asprintf(&append, "%u", (unsigned)getuid());
339 else if (strncasecmp(tmp, "%{null}", 7) == 0)
344 krb5_set_error_message(context,
345 KRB5_CONFIG_BADFORMAT,
346 "expand default cache unknown "
348 (int)(tmp2 - tmp) - 2, tmp + 2);
349 return KRB5_CONFIG_BADFORMAT;
353 append = strdup(str);
356 if (append == NULL) {
359 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
363 tlen = strlen(append);
364 tmp = realloc(*res, len + tlen + 1);
369 krb5_set_error_message(context, ENOMEM,
370 "malloc: out of memory");
374 memcpy(*res + len, append, tlen + 1);
382 * Return non-zero if envirnoment that will determine default krb5cc
387 environment_changed(krb5_context context)
391 /* if the cc name was set, don't change it */
392 if (context->default_cc_name_set)
398 e = getenv("KRB5CCNAME");
400 if (context->default_cc_name_env) {
401 free(context->default_cc_name_env);
402 context->default_cc_name_env = NULL;
406 if (context->default_cc_name_env == NULL)
408 if (strcmp(e, context->default_cc_name_env) != 0)
415 * Switch the default default credential cache for a specific
416 * credcache type (and name for some implementations).
418 * @return Returns 0 or an error code.
420 * @ingroup krb5_ccache
424 krb5_cc_switch(krb5_context context, krb5_ccache id)
427 if (id->ops->set_default == NULL)
430 return (*id->ops->set_default)(context, id);
434 * Set the default cc name for `context' to `name'.
436 * @ingroup krb5_ccache
439 krb5_error_code KRB5_LIB_FUNCTION
440 krb5_cc_set_default_name(krb5_context context, const char *name)
442 krb5_error_code ret = 0;
446 const char *e = NULL;
449 e = getenv("KRB5CCNAME");
452 if (context->default_cc_name_env)
453 free(context->default_cc_name_env);
454 context->default_cc_name_env = strdup(e);
458 e = krb5_config_get_string(context, NULL, "libdefaults",
459 "default_cc_name", NULL);
461 ret = _krb5_expand_default_cc_name(context, e, &p);
466 const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
467 e = krb5_config_get_string(context, NULL, "libdefaults",
468 "default_cc_type", NULL);
470 ops = krb5_cc_get_prefix_ops(context, e);
472 krb5_set_error_message(context,
473 KRB5_CC_UNKNOWN_TYPE,
474 "Credential cache type %s "
476 return KRB5_CC_UNKNOWN_TYPE;
479 ret = (*ops->get_default_name)(context, &p);
484 context->default_cc_name_set = 0;
487 context->default_cc_name_set = 1;
491 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
495 if (context->default_cc_name)
496 free(context->default_cc_name);
498 context->default_cc_name = p;
504 * Return a pointer to a context static string containing the default
507 * @return String to the default credential cache name.
509 * @ingroup krb5_ccache
513 const char* KRB5_LIB_FUNCTION
514 krb5_cc_default_name(krb5_context context)
516 if (context->default_cc_name == NULL || environment_changed(context))
517 krb5_cc_set_default_name(context, NULL);
519 return context->default_cc_name;
523 * Open the default ccache in `id'.
525 * @return Return 0 or an error code.
527 * @ingroup krb5_ccache
531 krb5_error_code KRB5_LIB_FUNCTION
532 krb5_cc_default(krb5_context context,
535 const char *p = krb5_cc_default_name(context);
538 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
541 return krb5_cc_resolve(context, p, id);
545 * Create a new ccache in `id' for `primary_principal'.
547 * @return Return 0 or an error code.
549 * @ingroup krb5_ccache
553 krb5_error_code KRB5_LIB_FUNCTION
554 krb5_cc_initialize(krb5_context context,
556 krb5_principal primary_principal)
558 return (*id->ops->init)(context, id, primary_principal);
563 * Remove the ccache `id'.
565 * @return Return 0 or an error code.
567 * @ingroup krb5_ccache
571 krb5_error_code KRB5_LIB_FUNCTION
572 krb5_cc_destroy(krb5_context context,
577 ret = (*id->ops->destroy)(context, id);
578 krb5_cc_close (context, id);
583 * Stop using the ccache `id' and free the related resources.
585 * @return Return 0 or an error code.
587 * @ingroup krb5_ccache
591 krb5_error_code KRB5_LIB_FUNCTION
592 krb5_cc_close(krb5_context context,
596 ret = (*id->ops->close)(context, id);
602 * Store `creds' in the ccache `id'.
604 * @return Return 0 or an error code.
606 * @ingroup krb5_ccache
610 krb5_error_code KRB5_LIB_FUNCTION
611 krb5_cc_store_cred(krb5_context context,
615 return (*id->ops->store)(context, id, creds);
619 * Retrieve the credential identified by `mcreds' (and `whichfields')
620 * from `id' in `creds'. 'creds' must be free by the caller using
621 * krb5_free_cred_contents.
623 * @return Return 0 or an error code.
625 * @ingroup krb5_ccache
629 krb5_error_code KRB5_LIB_FUNCTION
630 krb5_cc_retrieve_cred(krb5_context context,
632 krb5_flags whichfields,
633 const krb5_creds *mcreds,
637 krb5_cc_cursor cursor;
639 if (id->ops->retrieve != NULL) {
640 return (*id->ops->retrieve)(context, id, whichfields,
644 ret = krb5_cc_start_seq_get(context, id, &cursor);
647 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
648 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
652 krb5_free_cred_contents (context, creds);
654 krb5_cc_end_seq_get(context, id, &cursor);
659 * Return the principal of `id' in `principal'.
661 * @return Return 0 or an error code.
663 * @ingroup krb5_ccache
667 krb5_error_code KRB5_LIB_FUNCTION
668 krb5_cc_get_principal(krb5_context context,
670 krb5_principal *principal)
672 return (*id->ops->get_princ)(context, id, principal);
676 * Start iterating over `id', `cursor' is initialized to the
679 * @return Return 0 or an error code.
681 * @ingroup krb5_ccache
685 krb5_error_code KRB5_LIB_FUNCTION
686 krb5_cc_start_seq_get (krb5_context context,
687 const krb5_ccache id,
688 krb5_cc_cursor *cursor)
690 return (*id->ops->get_first)(context, id, cursor);
694 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
695 * and advance `cursor'.
697 * @return Return 0 or an error code.
699 * @ingroup krb5_ccache
703 krb5_error_code KRB5_LIB_FUNCTION
704 krb5_cc_next_cred (krb5_context context,
705 const krb5_ccache id,
706 krb5_cc_cursor *cursor,
709 return (*id->ops->get_next)(context, id, cursor, creds);
713 * Like krb5_cc_next_cred, but allow for selective retrieval
715 * @ingroup krb5_ccache
719 krb5_error_code KRB5_LIB_FUNCTION
720 krb5_cc_next_cred_match(krb5_context context,
721 const krb5_ccache id,
722 krb5_cc_cursor * cursor,
724 krb5_flags whichfields,
725 const krb5_creds * mcreds)
729 ret = krb5_cc_next_cred(context, id, cursor, creds);
732 if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds))
734 krb5_free_cred_contents(context, creds);
739 * Destroy the cursor `cursor'.
741 * @ingroup krb5_ccache
745 krb5_error_code KRB5_LIB_FUNCTION
746 krb5_cc_end_seq_get (krb5_context context,
747 const krb5_ccache id,
748 krb5_cc_cursor *cursor)
750 return (*id->ops->end_get)(context, id, cursor);
754 * Remove the credential identified by `cred', `which' from `id'.
756 * @ingroup krb5_ccache
760 krb5_error_code KRB5_LIB_FUNCTION
761 krb5_cc_remove_cred(krb5_context context,
766 if(id->ops->remove_cred == NULL) {
767 krb5_set_error_message(context,
769 "ccache %s does not support remove_cred",
771 return EACCES; /* XXX */
773 return (*id->ops->remove_cred)(context, id, which, cred);
777 * Set the flags of `id' to `flags'.
779 * @ingroup krb5_ccache
783 krb5_error_code KRB5_LIB_FUNCTION
784 krb5_cc_set_flags(krb5_context context,
788 return (*id->ops->set_flags)(context, id, flags);
792 * Copy the contents of `from' to `to'.
794 * @ingroup krb5_ccache
798 krb5_error_code KRB5_LIB_FUNCTION
799 krb5_cc_copy_cache_match(krb5_context context,
800 const krb5_ccache from,
802 krb5_flags whichfields,
803 const krb5_creds * mcreds,
804 unsigned int *matched)
807 krb5_cc_cursor cursor;
809 krb5_principal princ;
811 ret = krb5_cc_get_principal(context, from, &princ);
814 ret = krb5_cc_initialize(context, to, princ);
816 krb5_free_principal(context, princ);
819 ret = krb5_cc_start_seq_get(context, from, &cursor);
821 krb5_free_principal(context, princ);
827 krb5_cc_next_cred_match(context, from, &cursor, &cred,
828 whichfields, mcreds) == 0) {
831 ret = krb5_cc_store_cred(context, to, &cred);
832 krb5_free_cred_contents(context, &cred);
834 krb5_cc_end_seq_get(context, from, &cursor);
835 krb5_free_principal(context, princ);
840 * Just like krb5_cc_copy_cache_match, but copy everything.
842 * @ingroup krb5_ccache
846 krb5_error_code KRB5_LIB_FUNCTION
847 krb5_cc_copy_cache(krb5_context context,
848 const krb5_ccache from,
851 return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
855 * Return the version of `id'.
857 * @ingroup krb5_ccache
861 krb5_error_code KRB5_LIB_FUNCTION
862 krb5_cc_get_version(krb5_context context,
863 const krb5_ccache id)
865 if(id->ops->get_version)
866 return (*id->ops->get_version)(context, id);
872 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
874 * @ingroup krb5_ccache
878 void KRB5_LIB_FUNCTION
879 krb5_cc_clear_mcred(krb5_creds *mcred)
881 memset(mcred, 0, sizeof(*mcred));
885 * Get the cc ops that is registered in `context' to handle the
886 * prefix. prefix can be a complete credential cache name or a
887 * prefix, the function will only use part up to the first colon (:)
888 * if there is one. If prefix the argument is NULL, the default ccache
889 * implemtation is returned.
891 * @return Returns NULL if ops not found.
893 * @ingroup krb5_ccache
898 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
904 return KRB5_DEFAULT_CCTYPE;
905 if (prefix[0] == '/')
906 return &krb5_fcc_ops;
910 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
917 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
918 if(strcmp(context->cc_ops[i].prefix, p) == 0) {
920 return &context->cc_ops[i];
927 struct krb5_cc_cache_cursor_data {
928 const krb5_cc_ops *ops;
929 krb5_cc_cursor cursor;
933 * Start iterating over all caches of `type'. If `type' is NULL, the
934 * default type is * used. `cursor' is initialized to the beginning.
936 * @return Return 0 or an error code.
938 * @ingroup krb5_ccache
942 krb5_error_code KRB5_LIB_FUNCTION
943 krb5_cc_cache_get_first (krb5_context context,
945 krb5_cc_cache_cursor *cursor)
947 const krb5_cc_ops *ops;
951 type = krb5_cc_default_name(context);
953 ops = krb5_cc_get_prefix_ops(context, type);
955 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
956 "Unknown type \"%s\" when iterating "
957 "trying to iterate the credential caches", type);
958 return KRB5_CC_UNKNOWN_TYPE;
961 if (ops->get_cache_first == NULL) {
962 krb5_set_error_message(context, KRB5_CC_NOSUPP,
963 "Credential cache type %s doesn't support "
964 "iterations over caches", ops->prefix);
965 return KRB5_CC_NOSUPP;
968 *cursor = calloc(1, sizeof(**cursor));
969 if (*cursor == NULL) {
970 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
974 (*cursor)->ops = ops;
976 ret = ops->get_cache_first(context, &(*cursor)->cursor);
985 * Retrieve the next cache pointed to by (`cursor') in `id'
986 * and advance `cursor'.
988 * @return Return 0 or an error code.
990 * @ingroup krb5_ccache
994 krb5_error_code KRB5_LIB_FUNCTION
995 krb5_cc_cache_next (krb5_context context,
996 krb5_cc_cache_cursor cursor,
999 return cursor->ops->get_cache_next(context, cursor->cursor, id);
1003 * Destroy the cursor `cursor'.
1005 * @return Return 0 or an error code.
1007 * @ingroup krb5_ccache
1011 krb5_error_code KRB5_LIB_FUNCTION
1012 krb5_cc_cache_end_seq_get (krb5_context context,
1013 krb5_cc_cache_cursor cursor)
1015 krb5_error_code ret;
1016 ret = cursor->ops->end_cache_get(context, cursor->cursor);
1023 * Search for a matching credential cache of type `type' that have the
1024 * `principal' as the default principal. If NULL is used for `type',
1025 * the default type is used. On success, `id' needs to be freed with
1026 * krb5_cc_close or krb5_cc_destroy.
1028 * @return On failure, error code is returned and `id' is set to NULL.
1030 * @ingroup krb5_ccache
1034 krb5_error_code KRB5_LIB_FUNCTION
1035 krb5_cc_cache_match (krb5_context context,
1036 krb5_principal client,
1040 krb5_cc_cache_cursor cursor;
1041 krb5_error_code ret;
1042 krb5_ccache cache = NULL;
1046 ret = krb5_cc_cache_get_first (context, type, &cursor);
1050 while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
1051 krb5_principal principal;
1053 ret = krb5_cc_get_principal(context, cache, &principal);
1057 match = krb5_principal_compare(context, principal, client);
1058 krb5_free_principal(context, principal);
1063 krb5_cc_close(context, cache);
1067 krb5_cc_cache_end_seq_get(context, cursor);
1069 if (cache == NULL) {
1072 krb5_unparse_name(context, client, &str);
1074 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
1075 "Principal %s not found in a "
1077 str ? str : "<out of memory>");
1080 return KRB5_CC_NOTFOUND;
1088 * Move the content from one credential cache to another. The
1089 * operation is an atomic switch.
1091 * @param context a Keberos context
1092 * @param from the credential cache to move the content from
1093 * @param to the credential cache to move the content to
1095 * @return On sucess, from is freed. On failure, error code is
1096 * returned and from and to are both still allocated.
1098 * @ingroup krb5_ccache
1102 krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1104 krb5_error_code ret;
1106 if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
1107 krb5_set_error_message(context, KRB5_CC_NOSUPP,
1108 "Moving credentials between diffrent "
1109 "types not yet supported");
1110 return KRB5_CC_NOSUPP;
1113 ret = (*to->ops->move)(context, from, to);
1115 memset(from, 0, sizeof(*from));
1121 #define KRB5_CONF_NAME "@krb5_ccache_conf_data"
1123 static krb5_error_code
1124 build_conf_principals(krb5_context context, krb5_ccache id,
1125 krb5_const_principal principal,
1126 const char *name, krb5_creds *cred)
1128 krb5_principal client;
1129 krb5_error_code ret;
1132 memset(cred, 0, sizeof(*cred));
1134 ret = krb5_cc_get_principal(context, id, &client);
1139 ret = krb5_unparse_name(context, principal, &pname);
1144 ret = krb5_make_principal(context, &cred->server,
1145 krb5_principal_get_realm(context, client),
1146 KRB5_CONF_NAME, name, pname, NULL);
1149 krb5_free_principal(context, client);
1152 ret = krb5_copy_principal(context, client, &cred->client);
1153 krb5_free_principal(context, client);
1158 * Store some configuration for the credential cache in the cache.
1159 * Existing configuration under the same name is over-written.
1161 * @param context a Keberos context
1162 * @param id the credential cache to store the data for
1163 * @param principal configuration for a specific principal, if
1164 * NULL, global for the whole cache.
1165 * @param name name under which the configuraion is stored.
1166 * @param data data to store
1169 krb5_error_code KRB5_LIB_FUNCTION
1170 krb5_cc_set_config(krb5_context context, krb5_ccache id,
1171 krb5_const_principal principal,
1172 const char *name, krb5_data *data)
1174 krb5_error_code ret;
1177 ret = build_conf_principals(context, id, principal, name, &cred);
1181 /* Remove old configuration */
1182 ret = krb5_cc_remove_cred(context, id, 0, &cred);
1186 /* not that anyone care when this expire */
1187 cred.times.authtime = time(NULL);
1188 cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
1190 ret = krb5_data_copy(&cred.ticket, data->data, data->length);
1194 ret = krb5_cc_store_cred(context, id, &cred);
1197 krb5_free_cred_contents (context, &cred);
1202 * Get some configuration for the credential cache in the cache.
1204 * @param context a Keberos context
1205 * @param id the credential cache to store the data for
1206 * @param principal configuration for a specific principal, if
1207 * NULL, global for the whole cache.
1208 * @param name name under which the configuraion is stored.
1209 * @param data data to fetched, free with krb5_data_free()
1213 krb5_error_code KRB5_LIB_FUNCTION
1214 krb5_cc_get_config(krb5_context context, krb5_ccache id,
1215 krb5_const_principal principal,
1216 const char *name, krb5_data *data)
1218 krb5_creds mcred, cred;
1219 krb5_error_code ret;
1221 memset(&cred, 0, sizeof(cred));
1222 krb5_data_zero(data);
1224 ret = build_conf_principals(context, id, principal, name, &mcred);
1228 ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
1232 ret = krb5_data_copy(data, cred.ticket.data, cred.ticket.length);
1235 krb5_free_cred_contents (context, &cred);
1236 krb5_free_cred_contents (context, &mcred);
git.samba.org / tprouty / samba.git / blob