search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*** empty log message ***
[shishi.git] / lib / tkts.c
blob00287ea982264058ff0f2b6d3adb2fd0e344dbe0
1 /* tkts.c Ticket set handling.
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 #include "internal.h"
23
24 struct Shishi_tkts
25 {
26 Shishi *handle;
27 Shishi_tkt **tkts;
28 int ntkts;
29 };
30
31 /**
32 * shishi_tkts_default_file_guess:
33 *
34 * Guesses the default ticket filename; it is $HOME/.shishi/tickets.
35 *
36 * Return value: Returns default tkts filename as a string that
37 * has to be deallocated with free() by the caller.
38 **/
39 char *
40 shishi_tkts_default_file_guess (void)
41 {
42 char *home;
43 char *p;
44
45 home = getenv ("HOME");
46
47 if (home == NULL)
48 home = "";
49
50 shishi_asprintf (&p, "%s%s", home, TICKET_FILE);
51
52 return p;
53 }
54
55 /**
56 * shishi_tkts_default_file:
57 * @handle: Shishi library handle create by shishi_init().
58 *
59 * Return value: Returns the default ticket set filename used in the
60 * library. (Not a copy of it, so don't modify or deallocate it.)
61 **/
62 const char *
63 shishi_tkts_default_file (Shishi * handle)
64 {
65 if (!handle->tktsdefaultfile)
66 {
67 char *p;
68
69 p = shishi_tkts_default_file_guess ();
70 shishi_tkts_default_file_set (handle, p);
71 free (p);
72 }
73
74 return handle->tktsdefaultfile;
75 }
76
77 /**
78 * shishi_tkts_default_file_set:
79 * @handle: Shishi library handle create by shishi_init().
80 * @tktsfile: string with new default tkts file name, or
81 * NULL to reset to default.
82 *
83 * Set the default ticket set filename used in the library. The
84 * string is copied into the library, so you can dispose of the
85 * variable immediately after calling this function.
86 **/
87 void
88 shishi_tkts_default_file_set (Shishi * handle, const char *tktsfile)
89 {
90 if (handle->tktsdefaultfile)
91 free (handle->tktsdefaultfile);
92 if (tktsfile)
93 handle->tktsdefaultfile = strdup (tktsfile);
94 else
95 handle->tktsdefaultfile = NULL;
96 }
97
98 /**
99 * shishi_tkts_default:
100 * @handle: Shishi library handle create by shishi_init().
101 *
102 * Return value: Return the handle global ticket set.
103 **/
104 Shishi_tkts *
105 shishi_tkts_default (Shishi * handle)
106 {
107 if (handle->tkts == NULL &&
108 (shishi_tkts (handle, &handle->tkts) != SHISHI_OK))
109 handle->tkts = NULL;
110
111 return handle->tkts;
112 }
113
114 int
115 shishi_tkts_default_to_file (Shishi_tkts * tkts)
116 {
117 shishi_tkts_to_file (tkts, shishi_tkts_default_file (tkts->handle));
118 }
119
120 /**
121 * shishi_tkts:
122 * @handle: shishi handle as allocated by shishi_init().
123 * @tkts: output pointer to newly allocated tkts handle.
124 *
125 * Return value: Returns %SHISHI_OK iff successful.
126 **/
127 int
128 shishi_tkts (Shishi * handle, Shishi_tkts ** tkts)
129 {
130 *tkts = malloc (sizeof (**tkts));
131 if (*tkts == NULL)
132 return SHISHI_MALLOC_ERROR;
133 memset (*tkts, 0, sizeof (**tkts));
134
135 (*tkts)->handle = handle;
136
137 return SHISHI_OK;
138 }
139
140 /**
141 * shishi_tkts_done:
142 * @tkts: ticket set handle as allocated by shishi_tkts().
143 *
144 * Deallocates all resources associated with ticket set. The ticket
145 * set handle must not be used in calls to other shishi_tkts_*()
146 * functions after this.
147 **/
148 void
149 shishi_tkts_done (Shishi_tkts ** tkts)
150 {
151 Shishi_tkts *tset;
152
153 if (!tkts || !*tkts)
154 return;
155
156 tset = *tkts;
157
158 if (tset->tkts)
159 free (tset->tkts);
160 free (tset);
161
162 return;
163 }
164
165 /**
166 * shishi_tkts_size:
167 * @tkts: ticket set handle as allocated by shishi_tkts().
168 *
169 * Return value: Returns number of tickets stored in ticket set.
170 **/
171 int
172 shishi_tkts_size (Shishi_tkts * tkts)
173 {
174 return tkts->ntkts;
175 }
176
177 /**
178 * shishi_tkts_nth:
179 * @tkts: ticket set handle as allocated by shishi_tkts().
180 * @ticketno: integer indicating requested ticket in ticket set.
181 *
182 * Return value: Returns a ticket handle to the ticketno:th ticket in
183 * the ticket set, or NULL if ticket set is invalid or ticketno is out
184 * of bounds. The first ticket is ticketno 0, the second ticketno 1,
185 * and so on.
186 **/
187 Shishi_tkt *
188 shishi_tkts_nth (Shishi_tkts * tkts, int ticketno)
189 {
190 if (tkts == NULL || ticketno >= tkts->ntkts)
191 return NULL;
192
193 return tkts->tkts[ticketno];
194 }
195
196 /**
197 * shishi_tkts_remove:
198 * @tkts: ticket set handle as allocated by shishi_tkts().
199 * @ticketnum: ticket number of ticket in the set to remove. The
200 * first ticket is ticket number 0.
201 *
202 * Return value: Returns SHISHI_OK if succesful or if ticketno
203 * larger than size of ticket set.
204 **/
205 int
206 shishi_tkts_remove (Shishi_tkts * tkts, int ticketno)
207 {
208 if (!tkts)
209 return SHISHI_INVALID_TKTS;
210
211 if (ticketno >= tkts->ntkts)
212 return SHISHI_OK;
213
214 if (ticketno < tkts->ntkts)
215 memmove (&tkts->tkts[ticketno], &tkts->tkts[ticketno + 1],
216 sizeof (*tkts->tkts) * (tkts->ntkts - ticketno - 1));
217
218 --tkts->ntkts;
219
220 if (tkts->ntkts > 0)
221 {
222 tkts->tkts = realloc (tkts->tkts, sizeof (*tkts->tkts) * tkts->ntkts);
223 if (tkts->tkts == NULL)
224 return SHISHI_MALLOC_ERROR;
225 }
226 else
227 {
228 if (tkts->tkts)
229 free (tkts->tkts);
230 tkts->tkts = NULL;
231 }
232
233 return SHISHI_OK;
234 }
235
236 /**
237 * shishi_tkts_add:
238 * @tkts: ticket set handle as allocated by shishi_tkts().
239 * @ticket: ticket to be added to ticket set.
240 *
241 * Return value: Returns SHISHI_OK iff succesful.
242 **/
243 int
244 shishi_tkts_add (Shishi_tkts * tkts, Shishi_tkt * tkt)
245 {
246 if (!tkt)
247 return SHISHI_INVALID_TICKET;
248
249 if (tkts->ntkts++ == 0)
250 tkts->tkts = malloc (sizeof (*tkts->tkts));
251 else
252 tkts->tkts = realloc (tkts->tkts, sizeof (*tkts->tkts) * tkts->ntkts);
253 if (tkts->tkts == NULL)
254 return SHISHI_MALLOC_ERROR;
255
256 tkts->tkts[tkts->ntkts - 1] = tkt;
257
258 return SHISHI_OK;
259 }
260
261 /**
262 * shishi_tkts_new:
263 * @tkts: ticket set handle as allocated by shishi_tkts().
264 * @ticket: input ticket variable.
265 * @enckdcreppart: input ticket detail variable.
266 * @kdcrep: input KDC-REP variable.
267 *
268 * Allocate a new ticket and add it to the ticket set.
269 *
270 * Return value: Returns SHISHI_OK iff succesful.
271 **/
272 int
273 shishi_tkts_new (Shishi_tkts * tkts,
274 Shishi_asn1 ticket, Shishi_asn1 enckdcreppart,
275 Shishi_asn1 kdcrep)
276 {
277 Shishi_tkt *tkt;
278 int res;
279
280 tkt = shishi_tkt2 (tkts->handle, ticket, enckdcreppart, kdcrep);
281 if (tkt == NULL)
282 return SHISHI_MALLOC_ERROR;
283
284 res = shishi_tkts_add (tkts, tkt);
285 if (res != SHISHI_OK)
286 {
287 free (tkt);
288 return res;
289 }
290
291 return SHISHI_OK;
292 }
293
294 /**
295 * shishi_tkts_read:
296 * @tkts: ticket set handle as allocated by shishi_tkts().
297 * @fh: file descriptor to read from.
298 *
299 * Read tickets from file descriptor and add them to the ticket set.
300 *
301 * Return value: Returns SHISHI_OK iff succesful.
302 **/
303 int
304 shishi_tkts_read (Shishi_tkts * tkts, FILE * fh)
305 {
306 int res;
307
308 res = SHISHI_OK;
309 while (!feof (fh))
310 {
311 Shishi_asn1 ticket;
312 Shishi_asn1 enckdcreppart;
313 Shishi_asn1 kdcrep;
314
315 res = shishi_kdcrep_parse (tkts->handle, fh, &kdcrep);
316 if (res != SHISHI_OK)
317 {
318 res = SHISHI_OK;
319 break;
320 }
321
322 res = shishi_enckdcreppart_parse (tkts->handle, fh, &enckdcreppart);
323 if (res != SHISHI_OK)
324 break;
325
326 res = shishi_ticket_parse (tkts->handle, fh, &ticket);
327 if (res != SHISHI_OK)
328 break;
329
330 res = shishi_tkts_new (tkts, ticket, enckdcreppart, kdcrep);
331 if (res != SHISHI_OK)
332 break;
333
334 if (VERBOSE (tkts->handle))
335 {
336 printf ("Read ticket for principal `':\n");
337 shishi_kdcrep_print (tkts->handle, stdout, kdcrep);
338 shishi_enckdcreppart_print (tkts->handle, stdout, enckdcreppart);
339 shishi_ticket_print (tkts->handle, stdout, ticket);
340 }
341 }
342
343 return res;
344 }
345
346 /**
347 * shishi_tkts_from_file:
348 * @tkts: ticket set handle as allocated by shishi_tkts().
349 * @filename: filename to read tickets from.
350 *
351 * Read tickets from file and add them to the ticket set.
352 *
353 * Return value: Returns SHISHI_OK iff succesful.
354 **/
355 int
356 shishi_tkts_from_file (Shishi_tkts * tkts, const char *filename)
357 {
358 FILE *fh;
359 int res;
360
361 fh = fopen (filename, "r");
362 if (fh == NULL)
363 return SHISHI_FOPEN_ERROR;
364
365 res = shishi_tkts_read (tkts, fh);
366 if (res != SHISHI_OK)
367 {
368 fclose (fh);
369 return res;
370 }
371
372 res = fclose (fh);
373 if (res != 0)
374 return SHISHI_FCLOSE_ERROR;
375
376 return SHISHI_OK;
377 }
378
379 /**
380 * shishi_tkts_write:
381 * @tkts: ticket set handle as allocated by shishi_tkts().
382 * @filename: filename to write tickets to.
383 *
384 * Write tickets in set to file descriptor.
385 *
386 * Return value: Returns SHISHI_OK iff succesful.
387 **/
388 int
389 shishi_tkts_write (Shishi_tkts * tkts, FILE * fh)
390 {
391 int res;
392 int i;
393
394 for (i = 0; i < tkts->ntkts; i++)
395 {
396 res = shishi_kdcrep_print
397 (tkts->handle, fh, shishi_tkt_kdcrep (tkts->tkts[i]));
398 if (res != SHISHI_OK)
399 {
400 shishi_error_printf (tkts->handle,
401 "Could not print ticket: %s\n",
402 shishi_strerror_details (tkts->handle));
403 return res;
404 }
405
406 res = shishi_enckdcreppart_print
407 (tkts->handle, fh, shishi_tkt_enckdcreppart (tkts->tkts[i]));
408 if (res != SHISHI_OK)
409 {
410 shishi_error_printf (tkts->handle,
411 "Could not print ticket: %s\n",
412 shishi_strerror_details (tkts->handle));
413 return res;
414 }
415
416 res = shishi_ticket_print (tkts->handle, fh,
417 shishi_tkt_ticket (tkts->tkts[i]));
418 if (res != SHISHI_OK)
419 {
420 shishi_error_printf (tkts->handle,
421 "Could not print ticket: %s\n",
422 shishi_strerror_details (tkts->handle));
423 return res;
424 }
425
426 fprintf (fh, "\n\n");
427 }
428
429 return SHISHI_OK;
430 }
431
432 /**
433 * shishi_tkts_expire:
434 * @tkts: ticket set handle as allocated by shishi_tkts().
435 *
436 * Remove expired tickets from ticket set.
437 *
438 * Return value: Returns SHISHI_OK iff succesful.
439 **/
440 int
441 shishi_tkts_expire (Shishi_tkts * tkts)
442 {
443 int warn = 0;
444 int i = 0;
445
446 while (i < tkts->ntkts)
447 {
448 if (!shishi_tkt_valid_now_p (tkts->tkts[i]))
449 {
450 warn++;
451 shishi_tkts_remove (tkts, i);
452 }
453 else
454 i++;
455 }
456
457 if (VERBOSE (tkts->handle) && warn)
458 shishi_warn (tkts->handle,
459 ngettext ("removed %d expired ticket\n",
460 "removed %d expired tickets\n", warn), warn);
461
462 return SHISHI_OK;
463 }
464
465 /**
466 * shishi_tkts_to_file:
467 * @tkts: ticket set handle as allocated by shishi_tkts().
468 * @filename: filename to write tickets to.
469 *
470 * Write tickets in set to file.
471 *
472 * Return value: Returns SHISHI_OK iff succesful.
473 **/
474 int
475 shishi_tkts_to_file (Shishi_tkts * tkts, const char *filename)
476 {
477 FILE *fh;
478 int res;
479
480 fh = fopen (filename, "w");
481 if (fh == NULL)
482 return SHISHI_FOPEN_ERROR;
483
484 res = shishi_tkts_write (tkts, fh);
485 if (res != SHISHI_OK)
486 {
487 fclose (fh);
488 return res;
489 }
490
491 res = fclose (fh);
492 if (res != 0)
493 return SHISHI_FCLOSE_ERROR;
494
495 return SHISHI_OK;
496 }
497
498 /**
499 * shishi_tkts_print_for_service:
500 * @tkts: ticket set handle as allocated by shishi_tkts().
501 * @fh: file descriptor to print to.
502 * @service: service to limit tickets printed to, or NULL.
503
504 * Print description of tickets for specified service to file
505 * descriptor. If service is NULL, all tickets are printed.
506 *
507 * Return value: Returns SHISHI_OK iff succesful.
508 **/
509 int
510 shishi_tkts_print_for_service (Shishi_tkts * tkts, FILE * fh,
511 const char *service)
512 {
513 int res;
514 int found;
515 int i;
516
517 found = 0;
518 for (i = 0; i < shishi_tkts_size (tkts); i++)
519 {
520 Shishi_tkt *tkt = shishi_tkts_nth (tkts, i);
521
522 if (service)
523 {
524 char *buf;
525 int buflen;
526
527 buflen = strlen (service) + 1;
528 buf = malloc (buflen);
529 if (buf == NULL)
530 {
531 res = SHISHI_MALLOC_ERROR;
532 goto done;
533 }
534
535 res = shishi_tkt_server (tkt, buf, &buflen);
536 if (res != SHISHI_OK)
537 {
538 free (buf);
539 continue;
540 }
541 buf[buflen] = '\0';
542
543 if (strcmp (service, buf) != 0)
544 {
545 free (buf);
546 continue;
547 }
548
549 free (buf);
550 }
551
552 printf ("\n");
553 res = shishi_tkt_pretty_print (shishi_tkts_nth (tkts, i), fh);
554 if (res != SHISHI_OK)
555 goto done;
556
557 found++;
558 }
559
560 if (found)
561 {
562 printf (ngettext ("\n%d ticket found.\n", "\n%d tickets found.\n",
563 found), found);
564 }
565 else
566 {
567 if (service)
568 printf ("\nNo matching tickets found.\n");
569 else
570 printf ("\nNo tickets found.\n");
571 }
572
573 res = 0;
574
575 done:
576 if (res != SHISHI_OK)
577 fprintf (stderr, "Could not list tickets: %s", shishi_strerror (res));
578 return res;
579 }
580
581 /**
582 * shishi_tkts_print:
583 * @tkts: ticket set handle as allocated by shishi_tkts().
584 * @fh: file descriptor to print to.
585 *
586 * Print description of all tickets to file descriptor.
587 *
588 * Return value: Returns SHISHI_OK iff succesful.
589 **/
590 int
591 shishi_tkts_print (Shishi_tkts * tkts, FILE * fh)
592 {
593 return shishi_tkts_print_for_service (tkts, fh, NULL);
594 }
595
596 /**
597 * shishi_tkt_match_p:
598 * @tkt: ticket to test hints on.
599 * @hint: structure with characteristics of ticket to be found.
600 *
601 * Return value: Returns 0 iff ticket fails to match given criteria.
602 **/
603 int
604 shishi_tkt_match_p (Shishi_tkt * tkt, Shishi_tkts_hint * hint)
605 {
606 if (hint->server && !shishi_tkt_server_p (tkt, hint->server))
607 return 0;
608
609 if (hint->client && !shishi_tkt_client_p (tkt, hint->client))
610 return 0;
611
612 if (!(hint->flags & SHISHI_TKTSHINTFLAGS_ACCEPT_EXPIRED) &&
613 !shishi_tkt_valid_now_p (tkt))
614 return 0;
615
616 if (hint->etype && !shishi_tkt_keytype_p (tkt, hint->etype))
617 return 0;
618
619 return 1;
620 }
621
622 /**
623 * shishi_tkts_find:
624 * @tkts: ticket set handle as allocated by shishi_tkts().
625 * @hint: structure with characteristics of ticket to be found.
626 *
627 * Search the ticketset sequentially (from ticket number 0 through all
628 * tickets in the set) for a ticket that fits the given
629 * characteristics. If a ticket is found, the hint->startpos field is
630 * updated to point to the next ticket in the set, so this function
631 * can be called repeatedly with the same hint argument in order to
632 * find all tickets matching a certain criterium. Note that if
633 * tickets are added to, or removed from, the ticketset during a query
634 * with the same hint argument, the hint->startpos field must be
635 * updated appropriately.
636 *
637 * Here is how you would typically use this function:
638 *
639 * Shishi_tkts_hint hint;
640 *
641 * Shishi_tkt tkt;
642 *
643 * ...
644 *
645 * memset(&hint, 0, sizeof(hint));
646 *
647 * hint.server = "imap/mail.example.org";
648 *
649 * tkt = shishi_tkts_find (shishi_tkts_default(handle), &hint);
650 *
651 * if (!tkt)
652 *
653 * printf("No ticket found...\n");
654 *
655 * else
656 *
657 * ...do something with ticket
658 *
659 * Return value: Returns a ticket if found, or NULL if no further
660 * matching tickets could be found.
661 **/
662 Shishi_tkt *
663 shishi_tkts_find (Shishi_tkts * tkts, Shishi_tkts_hint * hint)
664 {
665 int i;
666
667 if (VERBOSENOICE(tkts->handle))
668 {
669 fprintf (stderr, "Searching tickets... ");
670 if (hint->server)
671 fprintf (stderr, "server=`%s' ", hint->server);
672 if (hint->client)
673 fprintf (stderr, "client=`%s' ", hint->client);
674 fprintf (stderr, "\n");
675 }
676
677 for (i = hint->startpos; i < tkts->ntkts; i++)
678 {
679 if (!shishi_tkt_match_p (tkts->tkts[i], hint))
680 continue;
681
682 hint->startpos = i + 1;
683 return tkts->tkts[i];
684 }
685
686 hint->startpos = i;
687 return NULL;
688 }
689
690 /**
691 * shishi_tkts_find_for_clientserver:
692 * @tkts: ticket set handle as allocated by shishi_tkts().
693 * @client: client name to find ticket for.
694 * @server: server name to find ticket for.
695 *
696 * Short-hand function for searching the ticket set for a ticket for
697 * the given client and server. See shishi_tkts_find().
698 *
699 * Return value: Returns a ticket if found, or NULL.
700 **/
701 Shishi_tkt *
702 shishi_tkts_find_for_clientserver (Shishi_tkts * tkts,
703 const char *client, const char *server)
704 {
705 Shishi_tkts_hint hint;
706 Shishi_tkt *tkt;
707
708 memset (&hint, 0, sizeof (hint));
709 hint.server = server;
710 hint.client = client;
711
712 tkt = shishi_tkts_find (tkts, &hint);
713
714 return tkt;
715 }
716
717 /**
718 * shishi_tkts_find_for_server:
719 * @tkts: ticket set handle as allocated by shishi_tkts().
720 * @server: server name to find ticket for.
721 *
722 * Short-hand function for searching the ticket set for a ticket for
723 * the given server using the default client principal. See
724 * shishi_tkts_find_for_clientserver() and shishi_tkts_find().
725 *
726 * Return value: Returns a ticket if found, or NULL.
727 **/
728 Shishi_tkt *
729 shishi_tkts_find_for_server (Shishi_tkts * tkts, const char *server)
730 {
731 return shishi_tkts_find_for_clientserver
732 (tkts, shishi_principal_default (tkts->handle), server);
733 }
734
735 /**
736 * shishi_tkts_get:
737 * @tkts: ticket set handle as allocated by shishi_tkts().
738 * @hint: structure with characteristics of ticket to begot.
739 *
740 * Get a ticket matching given characteristics. This function first
741 * looks in the ticket set for the ticket, then tries to find a TGT
742 * for the realm (possibly by using an AS exchange) and then use the
743 * TGT in a TGS exchange to get the ticket. Currently this function
744 * do not implement cross realm logic.
745 *
746 * Return value: Returns a ticket if found, or NULL if this function
747 * is unable to get the ticket.
748 **/
749 Shishi_tkt *
750 shishi_tkts_get (Shishi_tkts * tkts, Shishi_tkts_hint * hint)
751 {
752 Shishi_tkts_hint lochint;
753 Shishi_tkt *tkt, *tgt;
754 Shishi_tgs *tgs;
755 char *tgtname;
756 int pos;
757 int rc;
758
759 pos = hint->startpos;
760
761 /* Try to get cached ticket ... */
762 tkt = shishi_tkts_find (tkts, hint);
763 if (tkt)
764 return tkt;
765
766 hint->startpos = pos;
767
768 /* Try to get cached TGT ... */
769 memset (&lochint, 0, sizeof (lochint));
770 shishi_asprintf (&tgtname, "krbtgt/%s",
771 shishi_realm_default (tkts->handle));
772 lochint.server = tgtname;
773 tgt = shishi_tkts_find (tkts, &lochint);
774 if (tgt == NULL)
775 {
776 Shishi_as *as;
777
778 /* Get TGT ... XXX cross realm */
779
780 rc = shishi_as (tkts->handle, &as);
781 if (rc == SHISHI_OK)
782 rc = shishi_as_sendrecv (as);
783 if (rc == SHISHI_OK)
784 rc = shishi_as_rep_process (as, NULL, hint->passwd);
785 if (rc != SHISHI_OK)
786 {
787 printf ("AS exchange failed: %s\n%s\n", shishi_strerror (rc),
788 shishi_strerror_details (tkts->handle));
789 if (rc == SHISHI_GOT_KRBERROR)
790 shishi_krberror_pretty_print (tkts->handle, stdout,
791 shishi_as_krberror (as));
792 return NULL;
793 }
794
795 tgt = shishi_as_tkt (as);
796
797 if (!tgt)
798 {
799 printf ("No ticket in AS-REP?!: %s\n",
800 shishi_strerror_details (tkts->handle));
801 return NULL;
802 }
803
804 if (VERBOSEASN1 (tkts->handle))
805 shishi_tkt_pretty_print (tgt, stdout);
806
807 rc = shishi_tkts_add (tkts, tgt);
808 if (rc != SHISHI_OK)
809 printf ("Could not add ticket: %s", shishi_strerror (rc));
810
811 }
812
813 /* Maybe user asked for TGT ... */
814 if (shishi_tkt_match_p (tgt, hint))
815 return tgt;
816
817 /* Get ticket using TGT ... */
818 rc = shishi_tgs (tkts->handle, &tgs);
819 shishi_tgs_tgtkt_set (tgs, tgt);
820 if (rc == SHISHI_OK)
821 rc = shishi_tgs_set_server (tgs, hint->server);
822 if (rc == SHISHI_OK)
823 rc = shishi_tgs_req_build (tgs);
824 if (rc == SHISHI_OK)
825 rc = shishi_tgs_sendrecv (tgs);
826 if (rc == SHISHI_OK)
827 rc = shishi_tgs_rep_process (tgs);
828 if (rc != SHISHI_OK)
829 {
830 printf ("TGS exchange failed: %s\n%s\n", shishi_strerror (rc),
831 shishi_strerror_details (tkts->handle));
832 if (rc == SHISHI_GOT_KRBERROR)
833 shishi_krberror_pretty_print (tkts->handle, stdout,
834 shishi_tgs_krberror (tgs));
835 return NULL;
836 }
837
838 tkt = shishi_tgs_tkt (tgs);
839
840 if (!tkt)
841 {
842 printf ("No ticket in TGS-REP?!: %s\n",
843 shishi_strerror_details (tkts->handle));
844 return NULL;
845 }
846
847 if (VERBOSEASN1 (tkts->handle))
848 shishi_tkt_pretty_print (tkt, stdout);
849
850 rc = shishi_tkts_add (tkts, tkt);
851 if (rc != SHISHI_OK)
852 printf ("Could not add ticket: %s", shishi_strerror (rc));
853
854 return tkt;
855 }
856
857 /**
858 * shishi_tkts_get_for_clientserver:
859 * @tkts: ticket set handle as allocated by shishi_tkts().
860 * @client: client name to get ticket for.
861 * @server: server name to get ticket for.
862 *
863 * Short-hand function for getting a ticket for the given client and
864 * server. See shishi_tkts_get().
865 *
866 * Return value: Returns a ticket if found, or NULL.
867 **/
868 Shishi_tkt *
869 shishi_tkts_get_for_clientserver (Shishi_tkts * tkts,
870 const char *client, const char *server)
871 {
872 Shishi_tkts_hint hint;
873 Shishi_tkt *tkt;
874
875 memset (&hint, 0, sizeof (hint));
876 hint.client = client;
877 hint.server = server;
878
879 tkt = shishi_tkts_get (tkts, &hint);
880
881 return tkt;
882 }
883
884 /**
885 * shishi_tkts_get_for_server:
886 * @tkts: ticket set handle as allocated by shishi_tkts().
887 * @server: server name to get ticket for.
888 *
889 * Short-hand function for getting a ticket for the given server and
890 * the default principal client. See shishi_tkts_get().
891 *
892 * Return value: Returns a ticket if found, or NULL.
893 **/
894 Shishi_tkt *
895 shishi_tkts_get_for_server (Shishi_tkts * tkts, const char *server)
896 {
897 return shishi_tkts_get_for_clientserver
898 (tkts, shishi_principal_default (tkts->handle), server);
899 }
900
901 Shishi_tkt *
902 shishi_tkts_get_for_localservicepasswd (Shishi_tkts * tkts,
903 const char *service,
904 const char *passwd)
905 {
906 Shishi_tkts_hint hint;
907 char buf[HOST_NAME_MAX];
908 int ret;
909
910 strcpy (buf, service);
911 strcat (buf, "/");
912
913 ret = gethostname (&buf[strlen (service) + 1],
914 sizeof (buf) - strlen (service) - 1);
915 buf[sizeof (buf) - 1] = '\0';
916
917 if (ret != 0)
918 strcpy (&buf[strlen (service) + 1], "localhost");
919
920 memset (&hint, 0, sizeof (hint));
921 hint.client = shishi_principal_default (tkts->handle);
922 hint.server = buf;
923 hint.passwd = passwd;
924
925 return shishi_tkts_get (tkts, &hint);
926 }
Free Kerberos V5 implementation