2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
36 __RCSID("$Heimdal: verify_init.c 15555 2005-07-06 00:48:16Z lha $"
/*
 * Reset a verification option block to its all-zero state.
 *
 * After this call no option flag is set, so fail_verify_is_ok() falls
 * back to the "verify_ap_req_nofail" configuration lookup.
 */
void KRB5_LIB_FUNCTION
krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
{
    memset(options, 0, sizeof *options);
}
/*
 * Record the caller's "AP-REQ must not fail" preference.
 *
 * Stores ap_req_nofail in the option block and sets
 * KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL so that fail_verify_is_ok()
 * consults the stored value.  A non-zero value makes a failed
 * verification step fatal instead of being reported as success.
 *
 * NOTE(review): the second parameter line and the braces are missing from
 * the listing; the parameter is restored from its use in the body.
 */
void KRB5_LIB_FUNCTION
krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options,
                                             int ap_req_nofail)
{
    options->ap_req_nofail = ap_req_nofail;
    options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
}
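/*
 * Decide whether a failed verification step may be reported as success.
 *
 * Returns FALSE (the failure is fatal) when the caller set
 * KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL with a non-zero ap_req_nofail,
 * or when "verify_ap_req_nofail" is true in the configuration.  Returns
 * TRUE otherwise.
 *
 * A NULL options pointer is treated as "no option set", so only the
 * configuration is consulted instead of dereferencing NULL.
 *
 * Security: TRUE is the permissive answer.  With neither setting enabled,
 * krb5_verify_init_creds() accepts the initial credentials when no
 * matching keytab entry is found or no service ticket can be obtained,
 * i.e. without evidence that the issuing KDC knows the host key.  Hosts
 * that depend on this check to reject a spoofed KDC should enable one of
 * the two settings.
 *
 * NOTE(review): the return type, the remaining krb5_config_get_bool()
 * arguments and the return statements are not in the visible listing;
 * they are restored from the upstream layout -- confirm against the
 * repository copy.
 */
static krb5_boolean
fail_verify_is_ok(krb5_context context,
                  krb5_verify_init_creds_opt *options)
{
    /* Guard against callers that pass no option block at all. */
    if (options != NULL
        && (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)
        && options->ap_req_nofail != 0)
        return FALSE;

    if (krb5_config_get_bool(context,
                             NULL,
                             "libdefaults",
                             "verify_ap_req_nofail",
                             NULL))
        return FALSE;

    return TRUE;
}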
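/*
 * Check that initial credentials were issued by a KDC that shares a key
 * with this host.
 *
 * The function builds an AP-REQ for `server' with krb5_mk_req_extended()
 * and reads it back with krb5_rd_req() using `keytab'.
 *
 * context        library context.
 * creds          initial credentials to verify.
 * ap_req_server  service principal to verify against; when NULL a
 *                principal is derived from the local hostname and freed
 *                before returning.
 * ap_req_keytab  keytab holding the service key; when NULL the default
 *                keytab is opened and closed before returning.
 * ccache         optional in/out credential cache.  If *ccache is set it
 *                is used as is.  Otherwise a memory cache is created and
 *                seeded with `creds'; on success it is handed back through
 *                *ccache when ccache is non-NULL, else it is destroyed.
 * options        verification options, see fail_verify_is_ok().
 *
 * Returns 0 on success or a Kerberos/errno error code.
 *
 * Security: two failures are turned into success when fail_verify_is_ok()
 * allows it -- krb5_get_credentials() failing for the service ticket, and
 * krb5_rd_req() returning KRB5_KT_NOTFOUND.  In both cases 0 is returned
 * although nothing was verified, so a return of 0 only proves the KDC's
 * identity when the nofail option or "verify_ap_req_nofail" is enabled.
 *
 * NOTE(review): the listing shows only the first line of most multi-line
 * statements; argument lists, error branches and the cleanup label are
 * restored from the upstream layout -- confirm against the repository copy.
 */
krb5_error_code KRB5_LIB_FUNCTION
krb5_verify_init_creds(krb5_context context,
                       krb5_creds *creds,
                       krb5_principal ap_req_server,
                       krb5_keytab ap_req_keytab,
                       krb5_ccache *ccache,
                       krb5_verify_init_creds_opt *options)
{
    krb5_error_code ret;
    krb5_data req;
    krb5_ccache local_ccache = NULL;
    krb5_creds *new_creds = NULL;
    krb5_auth_context auth_context = NULL;
    krb5_principal server = NULL;
    krb5_keytab keytab = NULL;

    krb5_data_zero(&req);

    if (ap_req_server == NULL) {
        char local_hostname[MAXHOSTNAMELEN];

        if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
            ret = errno;
            krb5_set_error_string(context, "gethostname: %s",
                                  strerror(ret));
            return ret;
        }
        /*
         * gethostname() may leave the buffer unterminated when the name
         * is truncated; terminate it before it is used as a string.
         */
        local_hostname[sizeof(local_hostname) - 1] = '\0';

        ret = krb5_sname_to_principal(context,
                                      local_hostname,
                                      "host",
                                      KRB5_NT_SRV_HST,
                                      &server);
        if (ret)
            goto cleanup;
    } else {
        server = ap_req_server;
    }

    if (ap_req_keytab == NULL) {
        ret = krb5_kt_default(context, &keytab);
        if (ret)
            goto cleanup;
    } else {
        keytab = ap_req_keytab;
    }

    if (ccache && *ccache) {
        local_ccache = *ccache;
    } else {
        /* No cache supplied: keep the credentials in a memory cache. */
        ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &local_ccache);
        if (ret)
            goto cleanup;
        ret = krb5_cc_initialize(context,
                                 local_ccache,
                                 creds->client);
        if (ret)
            goto cleanup;
        ret = krb5_cc_store_cred(context,
                                 local_ccache,
                                 creds);
        if (ret)
            goto cleanup;
    }

    if (!krb5_principal_compare(context, server, creds->server)) {
        /* `creds' is not a ticket for `server'; fetch one that is. */
        krb5_creds match_cred;

        memset(&match_cred, 0, sizeof(match_cred));

        match_cred.client = creds->client;
        match_cred.server = server;

        ret = krb5_get_credentials(context,
                                   0,
                                   local_ccache,
                                   &match_cred,
                                   &new_creds);
        if (ret) {
            /* Fail-open point: no service ticket, nothing verified. */
            if (fail_verify_is_ok(context, options))
                ret = 0;
            goto cleanup;
        }
        creds = new_creds;
    }

    ret = krb5_mk_req_extended(context,
                               &auth_context,
                               0,
                               NULL,
                               creds,
                               &req);

    /* The auth context used to build the request is not reused. */
    krb5_auth_con_free(context, auth_context);
    auth_context = NULL;

    if (ret)
        goto cleanup;

    ret = krb5_rd_req(context,
                      &auth_context,
                      &req,
                      server,
                      keytab,
                      0,
                      NULL);

    /* Fail-open point: no matching keytab entry, nothing verified. */
    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok(context, options))
        ret = 0;

cleanup:
    if (auth_context)
        krb5_auth_con_free(context, auth_context);
    krb5_data_free(&req);
    if (new_creds != NULL)
        krb5_free_creds(context, new_creds);
    /* Release only what this function allocated itself. */
    if (ap_req_server == NULL && server)
        krb5_free_principal(context, server);
    if (ap_req_keytab == NULL && keytab)
        krb5_kt_close(context, keytab);
    /*
     * Destroy the cache unless it belongs to the caller or is about to be
     * handed back through *ccache.
     */
    if (local_ccache != NULL
        && (ccache == NULL
            || (ret != 0 && *ccache == NULL)))
        krb5_cc_destroy(context, local_ccache);

    if (ret == 0 && ccache != NULL && *ccache == NULL)
        *ccache = local_ccache;

    return ret;
}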