/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- krb5_get_init_creds_opt_init
- krb5_get_init_creds_opt_alloc
- _krb5_get_init_creds_opt_copy
- _krb5_get_init_creds_opt_free_krb5_error
- _krb5_get_init_creds_opt_set_krb5_error
- krb5_get_init_creds_opt_free
- get_config_time
- get_config_bool
- krb5_get_init_creds_opt_set_default_flags
- krb5_get_init_creds_opt_set_tkt_life
- krb5_get_init_creds_opt_set_renew_life
- krb5_get_init_creds_opt_set_forwardable
- krb5_get_init_creds_opt_set_proxiable
- krb5_get_init_creds_opt_set_etype_list
- krb5_get_init_creds_opt_set_address_list
- krb5_get_init_creds_opt_set_preauth_list
- krb5_get_init_creds_opt_set_salt
- krb5_get_init_creds_opt_set_anonymous
- require_ext_opt
- krb5_get_init_creds_opt_set_pa_password
- krb5_get_init_creds_opt_set_pac_request
- krb5_get_init_creds_opt_get_error
- krb5_get_init_creds_opt_set_addressless
- krb5_get_init_creds_opt_set_canonicalize
- krb5_get_init_creds_opt_set_win2k
1 /*
2 * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 #undef __attribute__
37 #define __attribute__(x)
38
39 RCSID("$Id$");
40
41 void KRB5_LIB_FUNCTION
42 krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
/* [<][>][^][v][top][bottom][index][help] */
43 __attribute__((deprecated))
44 {
45 memset (opt, 0, sizeof(*opt));
46 }
47
48 krb5_error_code KRB5_LIB_FUNCTION
49 krb5_get_init_creds_opt_alloc(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
50 krb5_get_init_creds_opt **opt)
51 {
52 krb5_get_init_creds_opt *o;
53
54 *opt = NULL;
55 o = calloc(1, sizeof(*o));
56 if (o == NULL) {
57 krb5_set_error_message(context, ENOMEM,
58 N_("malloc: out of memory", ""));
59 return ENOMEM;
60 }
61
62 o->opt_private = calloc(1, sizeof(*o->opt_private));
63 if (o->opt_private == NULL) {
64 krb5_set_error_message(context, ENOMEM,
65 N_("malloc: out of memory", ""));
66 free(o);
67 return ENOMEM;
68 }
69 o->opt_private->refcount = 1;
70 *opt = o;
71 return 0;
72 }
73
74 krb5_error_code
75 _krb5_get_init_creds_opt_copy(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
76 const krb5_get_init_creds_opt *in,
77 krb5_get_init_creds_opt **out)
78 {
79 krb5_get_init_creds_opt *opt;
80
81 *out = NULL;
82 opt = calloc(1, sizeof(*opt));
83 if (opt == NULL) {
84 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
85 return ENOMEM;
86 }
87 if (in)
88 *opt = *in;
89 if(opt->opt_private == NULL) {
90 opt->opt_private = calloc(1, sizeof(*opt->opt_private));
91 if (opt->opt_private == NULL) {
92 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
93 free(opt);
94 return ENOMEM;
95 }
96 opt->opt_private->refcount = 1;
97 } else
98 opt->opt_private->refcount++;
99 *out = opt;
100 return 0;
101 }
102
103 void KRB5_LIB_FUNCTION
104 _krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt)
/* [<][>][^][v][top][bottom][index][help] */
105 {
106 if (opt->opt_private == NULL || opt->opt_private->error == NULL)
107 return;
108 free_KRB_ERROR(opt->opt_private->error);
109 free(opt->opt_private->error);
110 opt->opt_private->error = NULL;
111 }
112
113 void KRB5_LIB_FUNCTION
114 _krb5_get_init_creds_opt_set_krb5_error(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
115 krb5_get_init_creds_opt *opt,
116 const KRB_ERROR *error)
117 {
118 krb5_error_code ret;
119
120 if (opt->opt_private == NULL)
121 return;
122
123 _krb5_get_init_creds_opt_free_krb5_error(opt);
124
125 opt->opt_private->error = malloc(sizeof(*opt->opt_private->error));
126 if (opt->opt_private->error == NULL)
127 return;
128 ret = copy_KRB_ERROR(error, opt->opt_private->error);
129 if (ret) {
130 free(opt->opt_private->error);
131 opt->opt_private->error = NULL;
132 }
133 }
134
135
136 void KRB5_LIB_FUNCTION
137 krb5_get_init_creds_opt_free(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
138 krb5_get_init_creds_opt *opt)
139 {
140 if (opt == NULL || opt->opt_private == NULL)
141 return;
142 if (opt->opt_private->refcount < 1) /* abort ? */
143 return;
144 if (--opt->opt_private->refcount == 0) {
145 _krb5_get_init_creds_opt_free_krb5_error(opt);
146 _krb5_get_init_creds_opt_free_pkinit(opt);
147 free(opt->opt_private);
148 }
149 memset(opt, 0, sizeof(*opt));
150 free(opt);
151 }
152
153 static int
154 get_config_time (krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
155 const char *realm,
156 const char *name,
157 int def)
158 {
159 int ret;
160
161 ret = krb5_config_get_time (context, NULL,
162 "realms",
163 realm,
164 name,
165 NULL);
166 if (ret >= 0)
167 return ret;
168 ret = krb5_config_get_time (context, NULL,
169 "libdefaults",
170 name,
171 NULL);
172 if (ret >= 0)
173 return ret;
174 return def;
175 }
176
177 static krb5_boolean
178 get_config_bool (krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
179 const char *realm,
180 const char *name)
181 {
182 return krb5_config_get_bool (context,
183 NULL,
184 "realms",
185 realm,
186 name,
187 NULL)
188 || krb5_config_get_bool (context,
189 NULL,
190 "libdefaults",
191 name,
192 NULL);
193 }
194
195 /*
196 * set all the values in `opt' to the appropriate values for
197 * application `appname' (default to getprogname() if NULL), and realm
198 * `realm'. First looks in [appdefaults] but falls back to
199 * [realms] or [libdefaults] for some of the values.
200 */
201
202 void KRB5_LIB_FUNCTION
203 krb5_get_init_creds_opt_set_default_flags(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
204 const char *appname,
205 krb5_const_realm realm,
206 krb5_get_init_creds_opt *opt)
207 {
208 krb5_boolean b;
209 time_t t;
210
211 b = get_config_bool (context, realm, "forwardable");
212 krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
213 krb5_get_init_creds_opt_set_forwardable(opt, b);
214
215 b = get_config_bool (context, realm, "proxiable");
216 krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
217 krb5_get_init_creds_opt_set_proxiable (opt, b);
218
219 krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
220 if (t == 0)
221 t = get_config_time (context, realm, "ticket_lifetime", 0);
222 if(t != 0)
223 krb5_get_init_creds_opt_set_tkt_life(opt, t);
224
225 krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
226 if (t == 0)
227 t = get_config_time (context, realm, "renew_lifetime", 0);
228 if(t != 0)
229 krb5_get_init_creds_opt_set_renew_life(opt, t);
230
231 krb5_appdefault_boolean(context, appname, realm, "no-addresses",
232 KRB5_ADDRESSLESS_DEFAULT, &b);
233 krb5_get_init_creds_opt_set_addressless (context, opt, b);
234
235 #if 0
236 krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
237 krb5_get_init_creds_opt_set_anonymous (opt, b);
238
239 krb5_get_init_creds_opt_set_etype_list(opt, enctype,
240 etype_str.num_strings);
241
242 krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
243 krb5_data *salt);
244
245 krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
246 krb5_preauthtype *preauth_list,
247 int preauth_list_length);
248 #endif
249 }
250
251
252 void KRB5_LIB_FUNCTION
253 krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
254 krb5_deltat tkt_life)
255 {
256 opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
257 opt->tkt_life = tkt_life;
258 }
259
260 void KRB5_LIB_FUNCTION
261 krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
262 krb5_deltat renew_life)
263 {
264 opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
265 opt->renew_life = renew_life;
266 }
267
268 void KRB5_LIB_FUNCTION
269 krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
270 int forwardable)
271 {
272 opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
273 opt->forwardable = forwardable;
274 }
275
276 void KRB5_LIB_FUNCTION
277 krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
278 int proxiable)
279 {
280 opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
281 opt->proxiable = proxiable;
282 }
283
284 void KRB5_LIB_FUNCTION
285 krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
286 krb5_enctype *etype_list,
287 int etype_list_length)
288 {
289 opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
290 opt->etype_list = etype_list;
291 opt->etype_list_length = etype_list_length;
292 }
293
294 void KRB5_LIB_FUNCTION
295 krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
296 krb5_addresses *addresses)
297 {
298 opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
299 opt->address_list = addresses;
300 }
301
302 void KRB5_LIB_FUNCTION
303 krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
304 krb5_preauthtype *preauth_list,
305 int preauth_list_length)
306 {
307 opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
308 opt->preauth_list_length = preauth_list_length;
309 opt->preauth_list = preauth_list;
310 }
311
312 void KRB5_LIB_FUNCTION
313 krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
314 krb5_data *salt)
315 {
316 opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
317 opt->salt = salt;
318 }
319
320 void KRB5_LIB_FUNCTION
321 krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
/* [<][>][^][v][top][bottom][index][help] */
322 int anonymous)
323 {
324 opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
325 opt->anonymous = anonymous;
326 }
327
328 static krb5_error_code
329 require_ext_opt(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
330 krb5_get_init_creds_opt *opt,
331 const char *type)
332 {
333 if (opt->opt_private == NULL) {
334 krb5_set_error_message(context, EINVAL,
335 N_("%s on non extendable opt", ""), type);
336 return EINVAL;
337 }
338 return 0;
339 }
340
341 krb5_error_code KRB5_LIB_FUNCTION
342 krb5_get_init_creds_opt_set_pa_password(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
343 krb5_get_init_creds_opt *opt,
344 const char *password,
345 krb5_s2k_proc key_proc)
346 {
347 krb5_error_code ret;
348 ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
349 if (ret)
350 return ret;
351 opt->opt_private->password = password;
352 opt->opt_private->key_proc = key_proc;
353 return 0;
354 }
355
356 krb5_error_code KRB5_LIB_FUNCTION
357 krb5_get_init_creds_opt_set_pac_request(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
358 krb5_get_init_creds_opt *opt,
359 krb5_boolean req_pac)
360 {
361 krb5_error_code ret;
362 ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
363 if (ret)
364 return ret;
365 opt->opt_private->req_pac = req_pac ?
366 KRB5_INIT_CREDS_TRISTATE_TRUE :
367 KRB5_INIT_CREDS_TRISTATE_FALSE;
368 return 0;
369 }
370
371 krb5_error_code KRB5_LIB_FUNCTION
372 krb5_get_init_creds_opt_get_error(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
373 krb5_get_init_creds_opt *opt,
374 KRB_ERROR **error)
375 {
376 krb5_error_code ret;
377
378 *error = NULL;
379
380 ret = require_ext_opt(context, opt, "init_creds_opt_get_error");
381 if (ret)
382 return ret;
383
384 if (opt->opt_private->error == NULL)
385 return 0;
386
387 *error = malloc(sizeof(**error));
388 if (*error == NULL) {
389 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
390 return ENOMEM;
391 }
392
393 ret = copy_KRB_ERROR(opt->opt_private->error, *error);
394 if (ret)
395 krb5_clear_error_message(context);
396
397 return 0;
398 }
399
400 krb5_error_code KRB5_LIB_FUNCTION
401 krb5_get_init_creds_opt_set_addressless(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
402 krb5_get_init_creds_opt *opt,
403 krb5_boolean addressless)
404 {
405 krb5_error_code ret;
406 ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
407 if (ret)
408 return ret;
409 if (addressless)
410 opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE;
411 else
412 opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE;
413 return 0;
414 }
415
416 krb5_error_code KRB5_LIB_FUNCTION
417 krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
418 krb5_get_init_creds_opt *opt,
419 krb5_boolean req)
420 {
421 krb5_error_code ret;
422 ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
423 if (ret)
424 return ret;
425 if (req)
426 opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
427 else
428 opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
429 return 0;
430 }
431
432 krb5_error_code KRB5_LIB_FUNCTION
433 krb5_get_init_creds_opt_set_win2k(krb5_context context,
/* [<][>][^][v][top][bottom][index][help] */
434 krb5_get_init_creds_opt *opt,
435 krb5_boolean req)
436 {
437 krb5_error_code ret;
438 ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
439 if (ret)
440 return ret;
441 if (req)
442 opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
443 else
444 opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
445 return 0;
446 }
447