root/source4/heimdal/lib/krb5/init_creds.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. krb5_get_init_creds_opt_init
  2. krb5_get_init_creds_opt_alloc
  3. _krb5_get_init_creds_opt_copy
  4. _krb5_get_init_creds_opt_free_krb5_error
  5. _krb5_get_init_creds_opt_set_krb5_error
  6. krb5_get_init_creds_opt_free
  7. get_config_time
  8. get_config_bool
  9. krb5_get_init_creds_opt_set_default_flags
  10. krb5_get_init_creds_opt_set_tkt_life
  11. krb5_get_init_creds_opt_set_renew_life
  12. krb5_get_init_creds_opt_set_forwardable
  13. krb5_get_init_creds_opt_set_proxiable
  14. krb5_get_init_creds_opt_set_etype_list
  15. krb5_get_init_creds_opt_set_address_list
  16. krb5_get_init_creds_opt_set_preauth_list
  17. krb5_get_init_creds_opt_set_salt
  18. krb5_get_init_creds_opt_set_anonymous
  19. require_ext_opt
  20. krb5_get_init_creds_opt_set_pa_password
  21. krb5_get_init_creds_opt_set_pac_request
  22. krb5_get_init_creds_opt_get_error
  23. krb5_get_init_creds_opt_set_addressless
  24. krb5_get_init_creds_opt_set_canonicalize
  25. krb5_get_init_creds_opt_set_win2k

   1 /*
   2  * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 #include "krb5_locl.h"
  35 
  36 #undef __attribute__
  37 #define __attribute__(x)
  38 
  39 RCSID("$Id$");
  40 
  41 void KRB5_LIB_FUNCTION
  42 krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
     /* [<][>][^][v][top][bottom][index][help] */
  43     __attribute__((deprecated))
  44 {
  45     memset (opt, 0, sizeof(*opt));
  46 }
  47 
  48 krb5_error_code KRB5_LIB_FUNCTION
  49 krb5_get_init_creds_opt_alloc(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
  50                               krb5_get_init_creds_opt **opt)
  51 {
  52     krb5_get_init_creds_opt *o;
  53 
  54     *opt = NULL;
  55     o = calloc(1, sizeof(*o));
  56     if (o == NULL) {
  57         krb5_set_error_message(context, ENOMEM, 
  58                                N_("malloc: out of memory", ""));
  59         return ENOMEM;
  60     }
  61 
  62     o->opt_private = calloc(1, sizeof(*o->opt_private));
  63     if (o->opt_private == NULL) {
  64         krb5_set_error_message(context, ENOMEM, 
  65                                N_("malloc: out of memory", ""));
  66         free(o);
  67         return ENOMEM;
  68     }
  69     o->opt_private->refcount = 1;
  70     *opt = o;
  71     return 0;
  72 }
  73 
  74 krb5_error_code
  75 _krb5_get_init_creds_opt_copy(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
  76                               const krb5_get_init_creds_opt *in,
  77                               krb5_get_init_creds_opt **out)
  78 {
  79     krb5_get_init_creds_opt *opt;
  80 
  81     *out = NULL;
  82     opt = calloc(1, sizeof(*opt));
  83     if (opt == NULL) {
  84         krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
  85         return ENOMEM;
  86     }
  87     if (in)
  88         *opt = *in;
  89     if(opt->opt_private == NULL) {
  90         opt->opt_private = calloc(1, sizeof(*opt->opt_private));
  91         if (opt->opt_private == NULL) {
  92             krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
  93             free(opt);
  94             return ENOMEM;
  95         }
  96         opt->opt_private->refcount = 1;
  97     } else
  98         opt->opt_private->refcount++;
  99     *out = opt;
 100     return 0;
 101 }
 102 
 103 void KRB5_LIB_FUNCTION
 104 _krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt)
     /* [<][>][^][v][top][bottom][index][help] */
 105 {
 106     if (opt->opt_private == NULL || opt->opt_private->error == NULL)
 107         return;
 108     free_KRB_ERROR(opt->opt_private->error);
 109     free(opt->opt_private->error);
 110     opt->opt_private->error = NULL;
 111 }
 112 
 113 void KRB5_LIB_FUNCTION
 114 _krb5_get_init_creds_opt_set_krb5_error(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 115                                         krb5_get_init_creds_opt *opt,
 116                                         const KRB_ERROR *error)
 117 {
 118     krb5_error_code ret;
 119 
 120     if (opt->opt_private == NULL)
 121         return;
 122 
 123     _krb5_get_init_creds_opt_free_krb5_error(opt);
 124 
 125     opt->opt_private->error = malloc(sizeof(*opt->opt_private->error));
 126     if (opt->opt_private->error == NULL)
 127         return;
 128     ret = copy_KRB_ERROR(error, opt->opt_private->error);
 129     if (ret) {
 130         free(opt->opt_private->error);
 131         opt->opt_private->error = NULL;
 132     }   
 133 }
 134 
 135 
 136 void KRB5_LIB_FUNCTION
 137 krb5_get_init_creds_opt_free(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 138                              krb5_get_init_creds_opt *opt)
 139 {
 140     if (opt == NULL || opt->opt_private == NULL)
 141         return;
 142     if (opt->opt_private->refcount < 1) /* abort ? */
 143         return;
 144     if (--opt->opt_private->refcount == 0) {
 145         _krb5_get_init_creds_opt_free_krb5_error(opt);
 146         _krb5_get_init_creds_opt_free_pkinit(opt);
 147         free(opt->opt_private);
 148     }
 149     memset(opt, 0, sizeof(*opt));
 150     free(opt);
 151 }
 152 
 153 static int
 154 get_config_time (krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 155                  const char *realm,
 156                  const char *name,
 157                  int def)
 158 {
 159     int ret;
 160 
 161     ret = krb5_config_get_time (context, NULL,
 162                                 "realms",
 163                                 realm,
 164                                 name,
 165                                 NULL);
 166     if (ret >= 0)
 167         return ret;
 168     ret = krb5_config_get_time (context, NULL,
 169                                 "libdefaults",
 170                                 name,
 171                                 NULL);
 172     if (ret >= 0)
 173         return ret;
 174     return def;
 175 }
 176 
 177 static krb5_boolean
 178 get_config_bool (krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 179                  const char *realm,
 180                  const char *name)
 181 {
 182     return krb5_config_get_bool (context,
 183                                  NULL,
 184                                  "realms",
 185                                  realm,
 186                                  name,
 187                                  NULL)
 188         || krb5_config_get_bool (context,
 189                                  NULL,
 190                                  "libdefaults",
 191                                  name,
 192                                  NULL);
 193 }
 194 
 195 /*
 196  * set all the values in `opt' to the appropriate values for
 197  * application `appname' (default to getprogname() if NULL), and realm
 198  * `realm'.  First looks in [appdefaults] but falls back to
 199  * [realms] or [libdefaults] for some of the values.
 200  */
 201 
 202 void KRB5_LIB_FUNCTION
 203 krb5_get_init_creds_opt_set_default_flags(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 204                                           const char *appname,
 205                                           krb5_const_realm realm,
 206                                           krb5_get_init_creds_opt *opt)
 207 {
 208     krb5_boolean b;
 209     time_t t;
 210 
 211     b = get_config_bool (context, realm, "forwardable");
 212     krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b);
 213     krb5_get_init_creds_opt_set_forwardable(opt, b);
 214 
 215     b = get_config_bool (context, realm, "proxiable");
 216     krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b);
 217     krb5_get_init_creds_opt_set_proxiable (opt, b);
 218 
 219     krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t);
 220     if (t == 0)
 221         t = get_config_time (context, realm, "ticket_lifetime", 0);
 222     if(t != 0)
 223         krb5_get_init_creds_opt_set_tkt_life(opt, t);
 224 
 225     krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t);
 226     if (t == 0)
 227         t = get_config_time (context, realm, "renew_lifetime", 0);
 228     if(t != 0)
 229         krb5_get_init_creds_opt_set_renew_life(opt, t);
 230 
 231     krb5_appdefault_boolean(context, appname, realm, "no-addresses",
 232                             KRB5_ADDRESSLESS_DEFAULT, &b);
 233     krb5_get_init_creds_opt_set_addressless (context, opt, b);
 234 
 235 #if 0
 236     krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
 237     krb5_get_init_creds_opt_set_anonymous (opt, b);
 238 
 239     krb5_get_init_creds_opt_set_etype_list(opt, enctype,
 240                                            etype_str.num_strings);
 241 
 242     krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
 243                                      krb5_data *salt);
 244 
 245     krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
 246                                              krb5_preauthtype *preauth_list,
 247                                              int preauth_list_length);
 248 #endif
 249 }
 250 
 251 
 252 void KRB5_LIB_FUNCTION
 253 krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 254                                      krb5_deltat tkt_life)
 255 {
 256     opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
 257     opt->tkt_life = tkt_life;
 258 }
 259 
 260 void KRB5_LIB_FUNCTION
 261 krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 262                                        krb5_deltat renew_life)
 263 {
 264     opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
 265     opt->renew_life = renew_life;
 266 }
 267 
 268 void KRB5_LIB_FUNCTION
 269 krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 270                                         int forwardable)
 271 {
 272     opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
 273     opt->forwardable = forwardable;
 274 }
 275 
 276 void KRB5_LIB_FUNCTION
 277 krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 278                                       int proxiable)
 279 {
 280     opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
 281     opt->proxiable = proxiable;
 282 }
 283 
 284 void KRB5_LIB_FUNCTION
 285 krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 286                                        krb5_enctype *etype_list,
 287                                        int etype_list_length)
 288 {
 289     opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
 290     opt->etype_list = etype_list;
 291     opt->etype_list_length = etype_list_length;
 292 }
 293 
 294 void KRB5_LIB_FUNCTION
 295 krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 296                                          krb5_addresses *addresses)
 297 {
 298     opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
 299     opt->address_list = addresses;
 300 }
 301 
 302 void KRB5_LIB_FUNCTION
 303 krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 304                                          krb5_preauthtype *preauth_list,
 305                                          int preauth_list_length)
 306 {
 307     opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
 308     opt->preauth_list_length = preauth_list_length;
 309     opt->preauth_list = preauth_list;
 310 }
 311 
 312 void KRB5_LIB_FUNCTION
 313 krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 314                                  krb5_data *salt)
 315 {
 316     opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
 317     opt->salt = salt;
 318 }
 319 
 320 void KRB5_LIB_FUNCTION
 321 krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
     /* [<][>][^][v][top][bottom][index][help] */
 322                                       int anonymous)
 323 {
 324     opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
 325     opt->anonymous = anonymous;
 326 }
 327 
 328 static krb5_error_code
 329 require_ext_opt(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 330                 krb5_get_init_creds_opt *opt,
 331                 const char *type)
 332 {
 333     if (opt->opt_private == NULL) {
 334         krb5_set_error_message(context, EINVAL,
 335                                N_("%s on non extendable opt", ""), type);
 336         return EINVAL;
 337     }
 338     return 0;
 339 }
 340 
 341 krb5_error_code KRB5_LIB_FUNCTION
 342 krb5_get_init_creds_opt_set_pa_password(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 343                                         krb5_get_init_creds_opt *opt,
 344                                         const char *password,
 345                                         krb5_s2k_proc key_proc)
 346 {
 347     krb5_error_code ret;
 348     ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
 349     if (ret)
 350         return ret;
 351     opt->opt_private->password = password;
 352     opt->opt_private->key_proc = key_proc;
 353     return 0;
 354 }
 355 
 356 krb5_error_code KRB5_LIB_FUNCTION
 357 krb5_get_init_creds_opt_set_pac_request(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 358                                         krb5_get_init_creds_opt *opt,
 359                                         krb5_boolean req_pac)
 360 {
 361     krb5_error_code ret;
 362     ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
 363     if (ret)
 364         return ret;
 365     opt->opt_private->req_pac = req_pac ?
 366         KRB5_INIT_CREDS_TRISTATE_TRUE :
 367         KRB5_INIT_CREDS_TRISTATE_FALSE;
 368     return 0;
 369 }
 370 
 371 krb5_error_code KRB5_LIB_FUNCTION
 372 krb5_get_init_creds_opt_get_error(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 373                                   krb5_get_init_creds_opt *opt,
 374                                   KRB_ERROR **error)
 375 {
 376     krb5_error_code ret;
 377 
 378     *error = NULL;
 379 
 380     ret = require_ext_opt(context, opt, "init_creds_opt_get_error");
 381     if (ret)
 382         return ret;
 383 
 384     if (opt->opt_private->error == NULL)
 385         return 0;
 386 
 387     *error = malloc(sizeof(**error));
 388     if (*error == NULL) {
 389         krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
 390         return ENOMEM;
 391     }
 392 
 393     ret = copy_KRB_ERROR(opt->opt_private->error, *error);
 394     if (ret)
 395         krb5_clear_error_message(context);
 396 
 397     return 0;
 398 }
 399 
 400 krb5_error_code KRB5_LIB_FUNCTION
 401 krb5_get_init_creds_opt_set_addressless(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 402                                         krb5_get_init_creds_opt *opt,
 403                                         krb5_boolean addressless)
 404 {
 405     krb5_error_code ret;
 406     ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
 407     if (ret)
 408         return ret;
 409     if (addressless)
 410         opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE;
 411     else
 412         opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE;
 413     return 0;
 414 }
 415 
 416 krb5_error_code KRB5_LIB_FUNCTION
 417 krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 418                                          krb5_get_init_creds_opt *opt,
 419                                          krb5_boolean req)
 420 {
 421     krb5_error_code ret;
 422     ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
 423     if (ret)
 424         return ret;
 425     if (req)
 426         opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
 427     else
 428         opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
 429     return 0;
 430 }
 431 
 432 krb5_error_code KRB5_LIB_FUNCTION
 433 krb5_get_init_creds_opt_set_win2k(krb5_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 434                                   krb5_get_init_creds_opt *opt,
 435                                   krb5_boolean req)
 436 {
 437     krb5_error_code ret;
 438     ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
 439     if (ret)
 440         return ret;
 441     if (req)
 442         opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK;
 443     else
 444         opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK;
 445     return 0;
 446 }
 447 

/* [<][>][^][v][top][bottom][index][help] */