2 Unix SMB/CIFS implementation.
3 kerberos utility library
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Remus Koos 2001
6 Copyright (C) Nalin Dahyabhai 2004.
7 Copyright (C) Jeremy Allison 2004.
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "system/kerberos.h"
26 #include "auth/kerberos/kerberos.h"
31 simulate a kinit, putting the tgt in the given credentials cache.
32 Orignally by remus@snapserver.com
34 This version is built to use a keyblock, rather than needing the
37 The impersonate_principal is the principal if NULL, or the principal to impersonate
39 The target_service defaults to the krbtgt if NULL, but could be kpasswd/realm or the local service (if we are doing s4u2self)
41 krb5_error_code
kerberos_kinit_keyblock_cc(krb5_context ctx
, krb5_ccache cc
,
42 krb5_principal principal
, krb5_keyblock
*keyblock
,
43 const char *target_service
,
44 krb5_get_init_creds_opt
*krb_options
,
45 time_t *expire_time
, time_t *kdc_time
)
47 krb5_error_code code
= 0;
50 if ((code
= krb5_get_init_creds_keyblock(ctx
, &my_creds
, principal
, keyblock
,
51 0, target_service
, krb_options
))) {
55 if ((code
= krb5_cc_initialize(ctx
, cc
, principal
))) {
56 krb5_free_cred_contents(ctx
, &my_creds
);
60 if ((code
= krb5_cc_store_cred(ctx
, cc
, &my_creds
))) {
61 krb5_free_cred_contents(ctx
, &my_creds
);
66 *expire_time
= (time_t) my_creds
.times
.endtime
;
70 *kdc_time
= (time_t) my_creds
.times
.starttime
;
73 krb5_free_cred_contents(ctx
, &my_creds
);
79 simulate a kinit, putting the tgt in the given credentials cache.
80 Orignally by remus@snapserver.com
82 The impersonate_principal is the principal if NULL, or the principal to impersonate
84 The target_service defaults to the krbtgt if NULL, but could be kpasswd/realm or the local service (if we are doing s4u2self)
87 krb5_error_code
kerberos_kinit_password_cc(krb5_context ctx
, krb5_ccache cc
,
88 krb5_principal principal
, const char *password
,
89 krb5_principal impersonate_principal
, const char *target_service
,
90 krb5_get_init_creds_opt
*krb_options
,
91 time_t *expire_time
, time_t *kdc_time
)
93 krb5_error_code code
= 0;
95 krb5_creds
*impersonate_creds
;
96 krb5_get_creds_opt options
;
98 /* If we are not impersonating, then get this ticket for the
99 * target service, otherwise a krbtgt, and get the next ticket
101 if ((code
= krb5_get_init_creds_password(ctx
, &my_creds
, principal
, password
,
104 impersonate_principal
? NULL
: target_service
,
109 if ((code
= krb5_cc_initialize(ctx
, cc
, principal
))) {
110 krb5_free_cred_contents(ctx
, &my_creds
);
114 if ((code
= krb5_cc_store_cred(ctx
, cc
, &my_creds
))) {
115 krb5_free_cred_contents(ctx
, &my_creds
);
120 *expire_time
= (time_t) my_creds
.times
.endtime
;
124 *kdc_time
= (time_t) my_creds
.times
.starttime
;
127 krb5_free_cred_contents(ctx
, &my_creds
);
129 if (code
== 0 && impersonate_principal
) {
130 krb5_principal target_princ
;
131 if ((code
= krb5_get_creds_opt_alloc(ctx
, &options
))) {
135 if ((code
= krb5_get_creds_opt_set_impersonate(ctx
, options
, impersonate_principal
))) {
136 krb5_get_creds_opt_free(ctx
, options
);
140 if ((code
= krb5_parse_name(ctx
, target_service
, &target_princ
))) {
141 krb5_get_creds_opt_free(ctx
, options
);
145 if ((code
= krb5_principal_set_realm(ctx
, target_princ
, krb5_principal_get_realm(ctx
, principal
)))) {
146 krb5_get_creds_opt_free(ctx
, options
);
147 krb5_free_principal(ctx
, target_princ
);
151 if ((code
= krb5_get_creds(ctx
, options
, cc
, target_princ
, &impersonate_creds
))) {
152 krb5_free_principal(ctx
, target_princ
);
153 krb5_get_creds_opt_free(ctx
, options
);
157 krb5_free_principal(ctx
, target_princ
);
159 code
= krb5_cc_store_cred(ctx
, cc
, impersonate_creds
);
160 krb5_get_creds_opt_free(ctx
, options
);
161 krb5_free_creds(ctx
, impersonate_creds
);