1 /* $NetBSD: copy_cred_cache.c,v 1.1.1.2 2014/04/24 12:45:28 pettai Exp $ */
4 * Copyright (c) 2004 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include "kuser_locl.h"
38 #include <krb5/parse_units.h>
39 #include <krb5/parse_time.h>
40 #include "kcc-commands.h"
/*
 * Fragment: only the loop header survives in this listing; the enclosing
 * function's signature and the loop body are not shown. The loop runs once
 * for each of 32 positions (i = 0..31). Presumably this is the body of
 * bitswap32(), which parse_ticket_flags() calls -- confirm against the
 * full file.
 */
47 for (i
= 0; i
< 32; i
++) {
/*
 * Convert a textual ticket-flag list into a krb5_ticket_flags value.
 *
 * context   - Kerberos context, used only for error reporting here.
 * string    - flag list to parse (in this file it comes from the
 *             command-line option flags_string).
 * ret_flags - output; its integer member `i` receives the result.
 *
 * Does not return on a parse error: krb5_errx() prints the message and
 * exits with status 1.
 *
 * The listing omits several lines of this function (57-58, 62, 64, 66-67,
 * 69 onward), so the declaration of `ff` and the branch structure around
 * the final assignment are not visible.
 */
55 parse_ticket_flags(krb5_context context
,
56 const char *string
, krb5_ticket_flags
*ret_flags
)
/* Parse against the ASN.1 TicketFlags unit table. */
59 int flags
= parse_flags(string
, asn1_TicketFlags_units(), 0);
/*
 * -1 is treated as the error sentinel. NOTE(review): -1 is also the bit
 * pattern with every flag set, which is presumably what the XXX marks --
 * confirm.
 */
60 if (flags
== -1) /* XXX */
/* The user-supplied text is passed as a "%s" argument, never as the format. */
61 krb5_errx(context
, 1, "bad flags specified: \"%s\"", string
);
63 memset(&ff
, 0, sizeof(ff
));
/*
 * Compares the integer that the unit table assigns to "proxy" with
 * TicketFlags2int(ff). Presumably a probe for which bit order the table
 * uses (the line that sets a bit in ff is not shown) -- confirm.
 */
65 if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff
))
/* Visible assignment: store the parsed flags after passing them through bitswap32(). */
68 ret_flags
->i
= bitswap32(flags
);
/*
 * Field of the match context (the enclosing struct header is not shown in
 * this listing). matchfunc() passes it to krb5_compare_creds() as the
 * field selector; copy_cred_cache() ORs KRB5_TC_MATCH_* bits into it for
 * each filter option given.
 */
72 krb5_flags whichfields
;
/*
 * Match callback handed to krb5_cc_copy_match_f() by copy_cred_cache().
 *
 * context - Kerberos context.
 * ptr     - opaque pointer; treated as a struct ctx * without any check.
 * creds   - candidate credential from the source cache.
 *
 * Delegates the decision to krb5_compare_creds(), using ctx->whichfields
 * as the field selector and ctx->mcreds as the template. The return
 * statements are on lines this listing omits.
 *
 * NOTE(review): when no filter option is given, whichfields is still 0
 * from the caller's memset. Which credentials then match is decided by
 * krb5_compare_creds(); if that means "everything", the TGT and all
 * service tickets are copied -- verify this is the intended default.
 */
77 matchfunc(krb5_context context
, void *ptr
, const krb5_creds
*creds
)
79 struct ctx
*ctx
= ptr
;
80 if (krb5_compare_creds(context
, ctx
->whichfields
, &ctx
->mcreds
, creds
))
/*
 * Copy credentials from one credential cache to another, optionally
 * filtered by service principal, session key enctype, ticket flags and
 * remaining lifetime.
 *
 * opt  - parsed command-line options; each *_string member is optional.
 * argc - number of positional arguments.
 * argv - positional arguments (the lines that assign cache names from
 *        argv are not shown in this listing).
 *
 * Every failure path visible here goes through krb5_err()/errx(), which
 * print a message and exit with status 1, so the function does not return
 * on error. The return statement itself is on an omitted line.
 *
 * Security-relevant context: the destination cache ends up holding
 * tickets and session keys. Nothing in the visible code restricts who can
 * read it; that depends on the cache type behind to_name.
 *
 * The listing drops many lines (for example the `if (ret)` guards before
 * most krb5_err() calls), so the comments below describe only what is
 * visible.
 */
86 copy_cred_cache(struct copy_cred_cache_options
*opt
, int argc
, char **argv
)
89 const char *from_name
, *to_name
;
90 krb5_ccache from_ccache
, to_ccache
;
/* Start from an empty template: no match bits set, all mcreds fields zero. */
94 memset(&ctx
, 0, sizeof(ctx
));
/* Optional filter: server principal parsed from the --service style option. */
96 if (opt
->service_string
) {
97 ret
= krb5_parse_name(kcc_context
, opt
->service_string
, &ctx
.mcreds
.server
);
/* User text is passed as a "%s" argument, not as the format string. */
99 krb5_err(kcc_context
, 1, ret
, "%s", opt
->service_string
);
/* Optional filter: session key encryption type. */
101 if (opt
->enctype_string
) {
102 krb5_enctype enctype
;
103 ret
= krb5_string_to_enctype(kcc_context
, opt
->enctype_string
, &enctype
);
105 krb5_err(kcc_context
, 1, ret
, "%s", opt
->enctype_string
);
106 ctx
.whichfields
|= KRB5_TC_MATCH_KEYTYPE
;
107 ctx
.mcreds
.session
.keytype
= enctype
;
/* Optional filter: ticket flags; parse_ticket_flags() exits on bad input. */
109 if (opt
->flags_string
) {
110 parse_ticket_flags(kcc_context
, opt
->flags_string
, &ctx
.mcreds
.flags
);
111 ctx
.whichfields
|= KRB5_TC_MATCH_FLAGS
;
/* Optional filter: end time, expressed as "now + t seconds". */
113 if (opt
->valid_for_string
) {
114 time_t t
= parse_time(opt
->valid_for_string
, "s");
/* The condition guarding this errx() is on an omitted line (115). */
116 errx(1, "unknown time \"%s\"", opt
->valid_for_string
);
/*
 * NOTE(review): t is user-controlled and no upper bound is visible before
 * the addition -- verify the sum cannot overflow time_t.
 */
117 ctx
.mcreds
.times
.endtime
= time(NULL
) + t
;
118 ctx
.whichfields
|= KRB5_TC_MATCH_TIMES
;
/* A non-zero value overrides the file-cache format version for this context. */
120 if (opt
->fcache_version_integer
)
121 krb5_set_fcache_version(kcc_context
, opt
->fcache_version_integer
);
/*
 * Source defaults to the context's default cache. The surrounding
 * argc/argv handling, including where to_name is set, is not shown.
 */
124 from_name
= krb5_cc_default_name(kcc_context
);
131 ret
= krb5_cc_resolve(kcc_context
, from_name
, &from_ccache
);
133 krb5_err(kcc_context
, 1, ret
, "%s", from_name
);
/*
 * krbtgt-only mode: build the server principal to match from the realm of
 * the source cache's default principal (the realm is passed twice; the
 * arguments between them are on omitted lines).
 *
 * NOTE(review): this writes ctx.mcreds.server, which the service_string
 * branch above also fills in. If both options can be given together, the
 * earlier principal is overwritten without being freed and the filter
 * silently changes -- confirm the option parser makes them mutually
 * exclusive.
 */
135 if (opt
->krbtgt_only_flag
) {
136 krb5_principal client
;
137 ret
= krb5_cc_get_principal(kcc_context
, from_ccache
, &client
);
139 krb5_err(kcc_context
, 1, ret
, "getting default principal");
140 ret
= krb5_make_principal(kcc_context
, &ctx
.mcreds
.server
,
141 krb5_principal_get_realm(kcc_context
, client
),
143 krb5_principal_get_realm(kcc_context
, client
),
146 krb5_err(kcc_context
, 1, ret
, "constructing krbtgt principal");
/* client was only needed for its realm. */
147 krb5_free_principal(kcc_context
, client
);
/* Resolve the destination cache by name. */
149 ret
= krb5_cc_resolve(kcc_context
, to_name
, &to_ccache
);
151 krb5_err(kcc_context
, 1, ret
, "%s", to_name
);
/*
 * Copy every credential for which matchfunc() accepts; the library
 * reports a count through &matched.
 */
153 ret
= krb5_cc_copy_match_f(kcc_context
, from_ccache
, to_ccache
,
154 matchfunc
, &ctx
, &matched
);
156 krb5_err(kcc_context
, 1, ret
, "copying cred cache");
/* Return values of the close/destroy calls below are not checked. */
158 krb5_cc_close(kcc_context
, from_ccache
);
/*
 * The destination is either destroyed or closed; the conditions are on
 * omitted lines (159, 161). Presumably it is destroyed when nothing
 * matched, so that no empty cache is left behind -- confirm.
 */
160 krb5_cc_destroy(kcc_context
, to_ccache
);
162 krb5_cc_close(kcc_context
, to_ccache
);