2 * Copyright (c) 1997 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "krb5_locl.h"
/*
 * Reset a krb5_verify_init_creds_opt to all-zero bytes. This clears both
 * `flags` and `ap_req_nofail`, so no option reads as "explicitly set"
 * until a setter is called.
 * `options` is written through unconditionally; passing NULL is undefined
 * behaviour.
 * NOTE(review): the return type and the braces around the body are not
 * shown in this listing.
 */
44 krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt
*options
)
46 memset (options
, 0, sizeof(*options
));
/*
 * Record the caller's choice for the "ap_req_nofail" policy: set the
 * KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL bit in `flags` to mark the
 * option as explicitly given, then store the value itself.
 * krb5_verify_init_creds() tests the flag bit together with
 * `ap_req_nofail == 1`, so only the value 1 (not any other non-zero
 * value) selects the option there.
 * NOTE(review): the declaration of the `ap_req_nofail` parameter is on a
 * line that is missing from this listing -- confirm its type.
 */
50 krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt
*options
,
/* Mark the option as set by the caller rather than left at its default. */
53 options
->flags
|= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
;
54 options
->ap_req_nofail
= ap_req_nofail
;
/*
 * Check that initial credentials are usable against a key this host holds.
 * The calls visible here put the credential in a ccache, build an AP-REQ
 * with krb5_mk_req_extended(), fetch a key with krb5_kt_get_entry() and
 * read the request back with krb5_rd_req_with_keyblock().
 * NOTE(review): presumably this is the guard against accepting a TGT from
 * an impostor KDC -- confirm against the complete source; several lines
 * (the `creds` and `ccache` parameters, the `ret`/`req` declarations, call
 * arguments and error branches) are missing from this listing.
 *
 * context        library context passed to every krb5 call below.
 * ap_req_server  service principal to verify against; NULL selects one
 *                derived from the local host name.
 * ap_req_keytab  keytab holding that principal's key; NULL selects the
 *                default keytab.
 * options        verification options; its `flags` and `ap_req_nofail`
 *                fields are read below.
 */
58 krb5_verify_init_creds(krb5_context context
,
60 krb5_principal ap_req_server
,
61 krb5_keytab ap_req_keytab
,
63 krb5_verify_init_creds_opt
*options
)
/* Locals that own resources start out NULL; the cleanup section tests
 * `server` and `keytab` for non-NULL before releasing them. */
67 krb5_ccache local_ccache
;
68 krb5_keytab_entry entry
;
69 krb5_creds
*new_creds
= NULL
;
70 krb5_auth_context auth_context
= NULL
;
71 krb5_principal server
= NULL
;
72 krb5_keytab keytab
= NULL
;
/* `req` and `entry` are both released in the cleanup section, so they are
 * zeroed before any call that could fail. */
74 krb5_data_zero (&req
);
75 memset (&entry
, 0, sizeof(entry
));
/* No server principal supplied: build one from the local host name.
 * NOTE(review): the check then rests on what gethostname() returns; the
 * arguments to krb5_sname_to_principal() are not visible here. */
77 if (ap_req_server
== NULL
) {
78 char local_hostname
[MAXHOSTNAMELEN
];
80 if (gethostname (local_hostname
, sizeof(local_hostname
)) < 0)
83 ret
= krb5_sname_to_principal (context
,
/* Otherwise use the caller's principal; it is borrowed, not owned. */
91 server
= ap_req_server
;
/* No keytab supplied: open the default one (closed again at cleanup). */
93 if (ap_req_keytab
== NULL
) {
94 ret
= krb5_kt_default (context
, &keytab
);
98 keytab
= ap_req_keytab
;
/* Reuse the caller's credential cache when one was passed in ... */
100 if (ccache
&& *ccache
)
101 local_ccache
= *ccache
;
/* ... otherwise create a fresh cache of the in-memory type (krb5_mcc_ops)
 * and, per the calls below, initialize it and store a credential in it.
 * Their arguments are not visible in this listing. */
103 ret
= krb5_cc_gen_new (context
, &krb5_mcc_ops
, &local_ccache
);
106 ret
= krb5_cc_initialize (context
,
111 ret
= krb5_cc_store_cred (context
,
/* The supplied credential is not for the target service: request one for
 * `server` on behalf of the same client. */
118 if (!krb5_principal_compare (context
, server
, creds
->server
)) {
119 krb5_creds match_cred
;
121 memset (&match_cred
, 0, sizeof(match_cred
));
123 match_cred
.client
= creds
->client
;
124 match_cred
.server
= server
;
126 ret
= krb5_get_credentials (context
,
/* Build the AP-REQ that is checked against the keytab key further down. */
136 ret
= krb5_mk_req_extended (context
,
/* NOTE(review): auth_context is freed here and again in the cleanup
 * section; the line that should reset it to NULL in between is not visible
 * in this listing -- confirm it exists, otherwise this is a double free. */
143 krb5_auth_con_free (context
, auth_context
);
/* Look up the service key in the keytab. */
149 ret
= krb5_kt_get_entry (context
,
/* Policy decision taken around the keytab lookup: true when the caller set
 * ap_req_nofail to exactly 1, or when the "verify_ap_req_nofail" config
 * boolean is on.
 * NOTE(review): `options` is dereferenced with no NULL check on the visible
 * lines, and the branch bodies are missing. The outcome decides whether a
 * host without a usable keytab key rejects the credentials or accepts them
 * unverified -- confirm which, and prefer failing closed on hosts that are
 * expected to have a keytab. */
158 if (((options
->flags
& KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
) &&
159 options
->ap_req_nofail
== 1) ||
160 krb5_config_get_bool (context
->cf
,
162 "verify_ap_req_nofail",
/* Read the AP-REQ back using a key block; this is the actual verification
 * step. The key argument is not visible here. */
171 ret
= krb5_rd_req_with_keyblock (context
,
/* Cleanup: release everything acquired above. */
181 krb5_auth_con_free (context
, auth_context
);
182 krb5_data_free (&req
);
183 krb5_kt_free_entry (context
, &entry
);
185 krb5_free_creds (context
, new_creds
);
/* Free the principal and close the keytab only when this function created
 * them, i.e. the caller passed NULL for the corresponding argument. */
186 if (ap_req_server
== NULL
&& server
)
187 krb5_free_principal (context
, server
);
188 if (ap_req_keytab
== NULL
&& keytab
)
189 krb5_kt_close (context
, keytab
);
/* NOTE(review): `*ccache` is dereferenced here; the left operand of this
 * `||` is on a missing line -- confirm it short-circuits when ccache is
 * NULL. */
191 || (ret
!= 0 && *ccache
== NULL
))
192 krb5_cc_destroy (context
, local_ccache
);
/* Hand the cache to the caller only on success, and only when the caller
 * supplied an empty slot to receive it. */
194 if (ret
== 0 && ccache
!= NULL
&& *ccache
== NULL
)
195 *ccache
= local_ccache
;