2 Unix SMB/CIFS implementation.
3 kerberos utility library
4 Copyright (C) Andrew Tridgell 2001
5 Copyright (C) Remus Koos 2001
6 Copyright (C) Nalin Dahyabhai 2004.
7 Copyright (C) Jeremy Allison 2004.
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "system/network.h"
27 #include "system/kerberos.h"
28 #include "system/time.h"
29 #include "auth/kerberos/kerberos.h"
36 #define LIBADS_CCACHE_NAME "MEMORY:libads"
39 we use a prompter to avoid a crash bug in the kerberos libs when
40 dealing with empty passwords
41 this prompter is just a string copy ...
43 static krb5_error_code
44 kerb_prompter(krb5_context ctx, void *data,
48 krb5_prompt prompts[])
50 if (num_prompts == 0) return 0;
52 memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
53 if (prompts[0].reply->length > 0) {
55 strncpy(prompts[0].reply->data, data, prompts[0].reply->length-1);
56 prompts[0].reply->length = strlen(prompts[0].reply->data);
58 prompts[0].reply->length = 0;
65 simulate a kinit, putting the tgt in the given credentials cache.
66 Orignally by remus@snapserver.com
68 This version is built to use a keyblock, rather than needing the
71 int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
72 const char *principal, krb5_keyblock *keyblock,
73 time_t *expire_time, time_t *kdc_time)
75 krb5_error_code code = 0;
78 krb5_get_init_creds_opt options;
80 if ((code = krb5_parse_name(ctx, principal, &me))) {
84 krb5_get_init_creds_opt_init(&options);
86 if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, me, keyblock,
87 0, NULL, &options))) {
88 krb5_free_principal(ctx, me);
92 if ((code = krb5_cc_initialize(ctx, cc, me))) {
93 krb5_free_cred_contents(ctx, &my_creds);
94 krb5_free_principal(ctx, me);
98 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
99 krb5_free_cred_contents(ctx, &my_creds);
100 krb5_free_principal(ctx, me);
105 *expire_time = (time_t) my_creds.times.endtime;
109 *kdc_time = (time_t) my_creds.times.starttime;
112 krb5_free_cred_contents(ctx, &my_creds);
113 krb5_free_principal(ctx, me);
119 simulate a kinit, putting the tgt in the given credentials cache.
120 Orignally by remus@snapserver.com
122 int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
123 const char *principal, const char *password,
124 time_t *expire_time, time_t *kdc_time)
126 krb5_error_code code = 0;
129 krb5_get_init_creds_opt options;
131 if ((code = krb5_parse_name(ctx, principal, &me))) {
135 krb5_get_init_creds_opt_init(&options);
137 if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, password,
139 NULL, 0, NULL, &options))) {
140 krb5_free_principal(ctx, me);
144 if ((code = krb5_cc_initialize(ctx, cc, me))) {
145 krb5_free_cred_contents(ctx, &my_creds);
146 krb5_free_principal(ctx, me);
150 if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
151 krb5_free_cred_contents(ctx, &my_creds);
152 krb5_free_principal(ctx, me);
157 *expire_time = (time_t) my_creds.times.endtime;
161 *kdc_time = (time_t) my_creds.times.starttime;
164 krb5_free_cred_contents(ctx, &my_creds);
165 krb5_free_principal(ctx, me);