/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- kerberos_kinit_keyblock_cc
- kerberos_kinit_password_cc
1 /*
2 Unix SMB/CIFS implementation.
3 kerberos utility library
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Remus Koos 2001
6 Copyright (C) Nalin Dahyabhai 2004.
7 Copyright (C) Jeremy Allison 2004.
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "system/kerberos.h"
26 #include "auth/kerberos/kerberos.h"
27
28 #ifdef HAVE_KRB5
29
30 /*
31 simulate a kinit, putting the tgt in the given credentials cache.
32 Orignally by remus@snapserver.com
33
34 This version is built to use a keyblock, rather than needing the
35 original password.
36 */
37 krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
/* [<][>][^][v][top][bottom][index][help] */
38 krb5_principal principal, krb5_keyblock *keyblock,
39 time_t *expire_time, time_t *kdc_time)
40 {
41 krb5_error_code code = 0;
42 krb5_creds my_creds;
43 krb5_get_init_creds_opt options;
44
45 krb5_get_init_creds_opt_init(&options);
46
47 krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
48
49 if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
50 0, NULL, &options))) {
51 return code;
52 }
53
54 if ((code = krb5_cc_initialize(ctx, cc, principal))) {
55 krb5_free_cred_contents(ctx, &my_creds);
56 return code;
57 }
58
59 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
60 krb5_free_cred_contents(ctx, &my_creds);
61 return code;
62 }
63
64 if (expire_time) {
65 *expire_time = (time_t) my_creds.times.endtime;
66 }
67
68 if (kdc_time) {
69 *kdc_time = (time_t) my_creds.times.starttime;
70 }
71
72 krb5_free_cred_contents(ctx, &my_creds);
73
74 return 0;
75 }
76
77 /*
78 simulate a kinit, putting the tgt in the given credentials cache.
79 Orignally by remus@snapserver.com
80 */
81 krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
/* [<][>][^][v][top][bottom][index][help] */
82 krb5_principal principal, const char *password,
83 time_t *expire_time, time_t *kdc_time)
84 {
85 krb5_error_code code = 0;
86 krb5_creds my_creds;
87 krb5_get_init_creds_opt options;
88
89 krb5_get_init_creds_opt_init(&options);
90
91 krb5_get_init_creds_opt_set_default_flags(ctx, NULL, NULL, &options);
92
93 if ((code = krb5_get_init_creds_password(ctx, &my_creds, principal, password,
94 NULL,
95 NULL, 0, NULL, &options))) {
96 return code;
97 }
98
99 if ((code = krb5_cc_initialize(ctx, cc, principal))) {
100 krb5_free_cred_contents(ctx, &my_creds);
101 return code;
102 }
103
104 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
105 krb5_free_cred_contents(ctx, &my_creds);
106 return code;
107 }
108
109 if (expire_time) {
110 *expire_time = (time_t) my_creds.times.endtime;
111 }
112
113 if (kdc_time) {
114 *kdc_time = (time_t) my_creds.times.starttime;
115 }
116
117 krb5_free_cred_contents(ctx, &my_creds);
118
119 return 0;
120 }
121
122
123 #endif