search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tests: Use here-doc kadmin in Java test
[heimdal.git] / lib / gssapi / krb5 / copy_ccache.c
blobfc0b9b128723eb8d9caf4676df0e386c908bc5bc
1 /*
2 * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "gsskrb5_locl.h"
35
36 #if 0
37 OM_uint32
38 gss_krb5_copy_ccache(OM_uint32 *minor_status,
39 krb5_context context,
40 gss_cred_id_t cred,
41 krb5_ccache out)
42 {
43 krb5_error_code kret;
44
45 HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
46
47 if (cred->ccache == NULL) {
48 HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
49 *minor_status = EINVAL;
50 return GSS_S_FAILURE;
51 }
52
53 kret = krb5_cc_copy_cache(context, cred->ccache, out);
54 HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
55 if (kret) {
56 *minor_status = kret;
57 return GSS_S_FAILURE;
58 }
59 *minor_status = 0;
60 return GSS_S_COMPLETE;
61 }
62 #endif
63
64
65 /*
66 * WARNING: Takes ownership of `id'. Because MEMORY:anonymous is now not
67 * linked into to the MEMORY ccache namespace, we can't use krb5_cc_resolve()
68 * with the cache's name anymore. We need a krb5_cc_clone() or some such, with
69 * attendant new method for ccops. Or we could create a new MEMORY:anonymous
70 * ccache and copy all the creds from `id' into it. But we know callers of
71 * this function don't need `id' after calling it, so for now we'll just take
72 * ownershipd of it.
73 */
74 OM_uint32
75 _gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
76 krb5_ccache *id,
77 krb5_principal keytab_principal,
78 krb5_keytab keytab,
79 gss_cred_id_t *cred)
80 {
81 krb5_context context;
82 krb5_error_code kret;
83 gsskrb5_cred handle;
84 OM_uint32 ret;
85 int id_given = (*id != NULL);
86
87 *cred = NULL;
88
89 GSSAPI_KRB5_INIT (&context);
90
91 handle = calloc(1, sizeof(*handle));
92 if (handle == NULL) {
93 _gsskrb5_clear_status ();
94 *minor_status = ENOMEM;
95 return (GSS_S_FAILURE);
96 }
97 HEIMDAL_MUTEX_init(&handle->cred_id_mutex);
98
99 handle->usage = 0;
100 handle->destination_realm = NULL;
101
102 if (*id) {
103 time_t now;
104 OM_uint32 left;
105
106 handle->usage |= GSS_C_INITIATE;
107
108 kret = krb5_cc_get_principal(context, *id,
109 &handle->principal);
110 if (kret) {
111 free(handle);
112 *minor_status = kret;
113 return GSS_S_FAILURE;
114 }
115
116 if (keytab_principal) {
117 krb5_boolean match;
118
119 match = krb5_principal_compare(context,
120 handle->principal,
121 keytab_principal);
122 if (match == FALSE) {
123 krb5_free_principal(context, handle->principal);
124 free(handle);
125 _gsskrb5_clear_status ();
126 *minor_status = EINVAL;
127 return GSS_S_FAILURE;
128 }
129 }
130
131 krb5_timeofday(context, &now);
132 ret = __gsskrb5_ccache_lifetime(minor_status,
133 context,
134 *id,
135 handle->principal,
136 &left);
137 if (ret != GSS_S_COMPLETE) {
138 krb5_free_principal(context, handle->principal);
139 free(handle);
140 return ret;
141 }
142 handle->endtime = now + left;
143
144 handle->ccache = *id;
145 *id = NULL;
146 }
147
148
149 if (keytab) {
150 char *str;
151
152 handle->usage |= GSS_C_ACCEPT;
153
154 if (keytab_principal && handle->principal == NULL) {
155 kret = krb5_copy_principal(context,
156 keytab_principal,
157 &handle->principal);
158 if (kret)
159 goto out;
160 }
161
162 kret = krb5_kt_get_full_name(context, keytab, &str);
163 if (kret)
164 goto out;
165
166 kret = krb5_kt_resolve(context, str, &handle->keytab);
167 free(str);
168 if (kret)
169 goto out;
170 }
171
172
173 if (id_given || keytab) {
174 ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
175 if (ret == GSS_S_COMPLETE)
176 ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
177 &handle->mechanisms);
178 if (ret != GSS_S_COMPLETE) {
179 kret = *minor_status;
180 goto out;
181 }
182 }
183
184 *minor_status = 0;
185 *cred = (gss_cred_id_t)handle;
186 return GSS_S_COMPLETE;
187
188 out:
189 gss_release_oid_set(minor_status, &handle->mechanisms);
190 if (handle->ccache)
191 krb5_cc_close(context, handle->ccache);
192 if (handle->keytab)
193 krb5_kt_close(context, handle->keytab);
194 if (handle->principal)
195 krb5_free_principal(context, handle->principal);
196 HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
197 free(handle);
198 *minor_status = kret;
199 return GSS_S_FAILURE;
200 }
Heimdal