libsmb/clikrb5.c

ソースコードを見る。

関数

krb5_error_code smb_krb5_parse_name (krb5_context context, const char *name, krb5_principal *principal)
static krb5_error_code smb_krb5_parse_name_norealm_conv (krb5_context context, const char *name, krb5_principal *principal)
krb5_error_code smb_krb5_unparse_name (krb5_context context, krb5_const_principal principal, char **unix_name)
krb5_error_code krb5_set_real_time (krb5_context context, int32_t seconds, int32_t microseconds)
krb5_error_code krb5_set_default_tgs_ktypes (krb5_context ctx, const krb5_enctype *enc)
void setup_kaddr (krb5_address *pkaddr, struct sockaddr *paddr)
int create_kerberos_key_from_string_direct (krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype)
int create_kerberos_key_from_string (krb5_context context, krb5_principal host_princ, krb5_data *password, krb5_keyblock *key, krb5_enctype enctype)
krb5_error_code get_kerberos_allowed_etypes (krb5_context context, krb5_enctype **enctypes)
krb5_error_code krb5_auth_con_setuseruserkey (krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)
BOOL unwrap_pac (TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB *unwrapped_pac_data)
BOOL get_auth_data_from_tkt (TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, krb5_ticket *tkt)
krb5_const_principal get_principal_from_tkt (krb5_ticket *tkt)
krb5_error_code smb_krb5_locate_kdc (krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters)
void krb5_free_unparsed_name (krb5_context context, char *val)
void kerberos_free_data_contents (krb5_context context, krb5_data *pdata)
void kerberos_set_creds_enctype (krb5_creds *pcreds, int enctype)
BOOL kerberos_compatible_enctypes (krb5_context context, krb5_enctype enctype1, krb5_enctype enctype2)
static BOOL ads_cleanup_expired_creds (krb5_context context, krb5_ccache ccache, krb5_creds *credsp)
static krb5_error_code ads_krb5_mk_req (krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, const char *principal, krb5_ccache ccache, krb5_data *outbuf, time_t *expire_time)
int cli_krb5_get_ticket (const char *principal, time_t time_offset, DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire)
BOOL get_krb5_smb_session_key (krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, BOOL remote)
const krb5_data * krb5_princ_component (krb5_context context, krb5_principal principal, int i)
krb5_error_code smb_krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *kt_entry)
void smb_krb5_checksum_from_pac_sig (krb5_checksum *cksum, PAC_SIGNATURE_DATA *sig)
krb5_error_code smb_krb5_verify_checksum (krb5_context context, krb5_keyblock *keyblock, krb5_keyusage usage, krb5_checksum *cksum, uint8 *data, size_t length)
time_t get_authtime_from_tkt (krb5_ticket *tkt)
static int get_kvno_from_ap_req (krb5_ap_req *ap_req)
static krb5_enctype get_enctype_from_ap_req (krb5_ap_req *ap_req)
static krb5_error_code get_key_from_keytab (krb5_context context, krb5_const_principal server, krb5_enctype enctype, krb5_kvno kvno, krb5_keyblock **out_key)
krb5_error_code smb_krb5_get_keyinfo_from_ap_req (krb5_context context, const krb5_data *inbuf, krb5_kvno *kvno, krb5_enctype *enctype)
krb5_error_code krb5_rd_req_return_keyblock_from_keytab (krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket, krb5_keyblock **keyblock)
krb5_error_code smb_krb5_parse_name_norealm (krb5_context context, const char *name, krb5_principal *principal)
BOOL smb_krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
krb5_error_code smb_krb5_renew_ticket (const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time)
krb5_error_code smb_krb5_free_addresses (krb5_context context, smb_krb5_addresses *addr)
krb5_error_code smb_krb5_gen_netbios_krb5_address (smb_krb5_addresses **kerb_addr)
void smb_krb5_free_error (krb5_context context, krb5_error *krberror)
krb5_error_code handle_krberror_packet (krb5_context context, krb5_data *packet)
krb5_error_code smb_krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt **opt)
void smb_krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt *opt)
krb5_error_code smb_krb5_mk_error (krb5_context context, krb5_error_code error_code, const krb5_principal server, krb5_data *reply)


関数

krb5_error_code smb_krb5_parse_name ( krb5_context  context,
const char *  name,
krb5_principal *  principal 
)

clikrb5.c50 行で定義されています。

参照先 push_utf8_allocate().

参照元 ads_krb5_chg_password()ads_krb5_mk_req()ads_krb5_set_password()ads_sasl_gssapi_bind()ads_verify_ticket()kerberos_fetch_salt_princ_for_host_princ()kerberos_kinit_password_ext()kerberos_secrets_store_salting_principal()make_krb5_skew_error()smb_krb5_kt_add_entry()smb_krb5_parse_name_norealm()smb_krb5_renew_ticket().

00053 {
00054         krb5_error_code ret;
00055         char *utf8_name;
00056 
00057         if (push_utf8_allocate(&utf8_name, name) == (size_t)-1) {
00058                 return ENOMEM;
00059         }
00060 
00061         ret = krb5_parse_name(context, utf8_name, principal);
00062         SAFE_FREE(utf8_name);
00063         return ret;
00064 }

static krb5_error_code smb_krb5_parse_name_norealm_conv ( krb5_context  context,
const char *  name,
krb5_principal *  principal 
) [static]

clikrb5.c71 行で定義されています。

参照先 push_utf8_allocate().

参照元 smb_krb5_parse_name_norealm().

00074 {
00075         krb5_error_code ret;
00076         char *utf8_name;
00077 
00078         *principal = NULL;
00079         if (push_utf8_allocate(&utf8_name, name) == (size_t)-1) {
00080                 return ENOMEM;
00081         }
00082 
00083         ret = krb5_parse_name_norealm(context, utf8_name, principal);
00084         SAFE_FREE(utf8_name);
00085         return ret;
00086 }

krb5_error_code smb_krb5_unparse_name ( krb5_context  context,
krb5_const_principal  principal,
char **  unix_name 
)

clikrb5.c94 行で定義されています。

参照先 krb5_free_unparsed_name()pull_utf8_allocate().

参照元 ads_keytab_create_default()ads_keytab_verify_ticket()ads_verify_ticket()get_key_from_keytab()kerberos_fetch_salt_princ_for_host_princ()kerberos_secrets_store_salting_principal()smb_krb5_kt_add_entry().

00097 {
00098         krb5_error_code ret;
00099         char *utf8_name;
00100 
00101         *unix_name = NULL;
00102         ret = krb5_unparse_name(context, principal, &utf8_name);
00103         if (ret) {
00104                 return ret;
00105         }
00106 
00107         if (pull_utf8_allocate(unix_name, utf8_name)==-1) {
00108                 krb5_free_unparsed_name(context, utf8_name);
00109                 return ENOMEM;
00110         }
00111         krb5_free_unparsed_name(context, utf8_name);
00112         return 0;
00113 }

krb5_error_code krb5_set_real_time ( krb5_context  context,
int32_t  seconds,
int32_t  microseconds 
)

clikrb5.c119 行で定義されています。

参照元 ads_krb5_mk_req()ads_krb5_set_password()ads_verify_ticket()cli_krb5_get_ticket()kerberos_kinit_password_ext().

00120 {
00121         krb5_error_code ret;
00122         int32_t sec, usec;
00123 
00124         ret = krb5_us_timeofday(context, &sec, &usec);
00125         if (ret)
00126                 return ret;
00127 
00128         context->kdc_sec_offset = seconds - sec;
00129         context->kdc_usec_offset = microseconds - usec;
00130 
00131         return 0;
00132 }

krb5_error_code krb5_set_default_tgs_ktypes ( krb5_context  ctx,
const krb5_enctype *  enc 
)

clikrb5.c147 行で定義されています。

参照元 ads_sasl_gssapi_bind()cli_krb5_get_ticket().

00148 {
00149     return krb5_set_default_tgs_enctypes(ctx, enc);
00150 }

void setup_kaddr ( krb5_address *  pkaddr,
struct sockaddr *  paddr 
)

clikrb5.c166 行で定義されています。

参照元 do_krb5_kpasswd_request().

00167 {
00168         pkaddr->addr_type = KRB5_ADDRESS_INET;
00169         pkaddr->address.length = sizeof(((struct sockaddr_in *)paddr)->sin_addr);
00170         pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr);
00171 }

int create_kerberos_key_from_string_direct ( krb5_context  context,
krb5_principal  host_princ,
krb5_data *  password,
krb5_keyblock *  key,
krb5_enctype  enctype 
)

clikrb5.c185 行で定義されています。

参照元 create_kerberos_key_from_string().

00190 {
00191         int ret;
00192         krb5_data salt;
00193         krb5_encrypt_block eblock;
00194 
00195         ret = krb5_principal2salt(context, host_princ, &salt);
00196         if (ret) {
00197                 DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
00198                 return ret;
00199         }
00200         krb5_use_enctype(context, &eblock, enctype);
00201         ret = krb5_string_to_key(context, &eblock, key, password, &salt);
00202         SAFE_FREE(salt.data);
00203         return ret;
00204 }

int create_kerberos_key_from_string ( krb5_context  context,
krb5_principal  host_princ,
krb5_data *  password,
krb5_keyblock *  key,
krb5_enctype  enctype 
)

clikrb5.c229 行で定義されています。

参照先 create_kerberos_key_from_string_direct()kerberos_fetch_salt_princ_for_host_princ().

参照元 ads_secrets_verify_ticket()smb_krb5_kt_add_entry().

00234 {
00235         krb5_principal salt_princ = NULL;
00236         int ret;
00237         /*
00238          * Check if we've determined that the KDC is salting keys for this
00239          * principal/enctype in a non-obvious way.  If it is, try to match
00240          * its behavior.
00241          */
00242         salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype);
00243         ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype);
00244         if (salt_princ) {
00245                 krb5_free_principal(context, salt_princ);
00246         }
00247         return ret;
00248 }

krb5_error_code get_kerberos_allowed_etypes ( krb5_context  context,
krb5_enctype **  enctypes 
)

clikrb5.c251 行で定義されています。

00253 {
00254         return krb5_get_permitted_enctypes(context, enctypes);
00255 }

krb5_error_code krb5_auth_con_setuseruserkey ( krb5_context  context,
krb5_auth_context  auth_context,
krb5_keyblock *  keyblock 
)

clikrb5.c267 行で定義されています。

参照元 ads_secrets_verify_ticket().

00270 {
00271         return krb5_auth_con_setkey(context, auth_context, keyblock);
00272 }

BOOL unwrap_pac ( TALLOC_CTX mem_ctx,
DATA_BLOB auth_data,
DATA_BLOB unwrapped_pac_data 
)

clikrb5.c275 行で定義されています。

参照先 asn1_end_tag()asn1_free()asn1_load()asn1_read_Integer()asn1_read_OctetString()asn1_start_tag()data_blob_::datadata_blob_free()data_blob_talloc()data_blob_::length.

参照元 get_auth_data_from_tkt().

00276 {
00277         DATA_BLOB pac_contents;
00278         ASN1_DATA data;
00279         int data_type;
00280 
00281         if (!auth_data->length) {
00282                 return False;
00283         }
00284 
00285         asn1_load(&data, *auth_data);
00286         asn1_start_tag(&data, ASN1_SEQUENCE(0));
00287         asn1_start_tag(&data, ASN1_SEQUENCE(0));
00288         asn1_start_tag(&data, ASN1_CONTEXT(0));
00289         asn1_read_Integer(&data, &data_type);
00290         
00291         if (data_type != KRB5_AUTHDATA_WIN2K_PAC ) {
00292                 DEBUG(10,("authorization data is not a Windows PAC (type: %d)\n", data_type));
00293                 asn1_free(&data);
00294                 return False;
00295         }
00296         
00297         asn1_end_tag(&data);
00298         asn1_start_tag(&data, ASN1_CONTEXT(1));
00299         asn1_read_OctetString(&data, &pac_contents);
00300         asn1_end_tag(&data);
00301         asn1_end_tag(&data);
00302         asn1_end_tag(&data);
00303         asn1_free(&data);
00304 
00305         *unwrapped_pac_data = data_blob_talloc(mem_ctx, pac_contents.data, pac_contents.length);
00306 
00307         data_blob_free(&pac_contents);
00308 
00309         return True;
00310 }

BOOL get_auth_data_from_tkt ( TALLOC_CTX mem_ctx,
DATA_BLOB auth_data,
krb5_ticket *  tkt 
)

clikrb5.c312 行で定義されています。

参照先 data_blob()data_blob_free()unwrap_pac().

参照元 ads_verify_ticket().

00313 {
00314         DATA_BLOB auth_data_wrapped;
00315         BOOL got_auth_data_pac = False;
00316         int i;
00317         
00318 #if defined(HAVE_KRB5_TKT_ENC_PART2)
00319         if (tkt->enc_part2 && tkt->enc_part2->authorization_data && 
00320             tkt->enc_part2->authorization_data[0] && 
00321             tkt->enc_part2->authorization_data[0]->length)
00322         {
00323                 for (i = 0; tkt->enc_part2->authorization_data[i] != NULL; i++) {
00324                 
00325                         if (tkt->enc_part2->authorization_data[i]->ad_type != 
00326                             KRB5_AUTHDATA_IF_RELEVANT) {
00327                                 DEBUG(10,("get_auth_data_from_tkt: ad_type is %d\n", 
00328                                         tkt->enc_part2->authorization_data[i]->ad_type));
00329                                 continue;
00330                         }
00331 
00332                         auth_data_wrapped = data_blob(tkt->enc_part2->authorization_data[i]->contents,
00333                                                       tkt->enc_part2->authorization_data[i]->length);
00334 
00335                         /* check if it is a PAC */
00336                         got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
00337                         data_blob_free(&auth_data_wrapped);
00338                         
00339                         if (got_auth_data_pac) {
00340                                 return true;
00341                         }
00342                 }
00343 
00344                 return got_auth_data_pac;
00345         }
00346                 
00347 #else
00348         if (tkt->ticket.authorization_data && 
00349             tkt->ticket.authorization_data->len)
00350         {
00351                 for (i = 0; i < tkt->ticket.authorization_data->len; i++) {
00352                         
00353                         if (tkt->ticket.authorization_data->val[i].ad_type != 
00354                             KRB5_AUTHDATA_IF_RELEVANT) {
00355                                 DEBUG(10,("get_auth_data_from_tkt: ad_type is %d\n", 
00356                                         tkt->ticket.authorization_data->val[i].ad_type));
00357                                 continue;
00358                         }
00359 
00360                         auth_data_wrapped = data_blob(tkt->ticket.authorization_data->val[i].ad_data.data,
00361                                                       tkt->ticket.authorization_data->val[i].ad_data.length);
00362 
00363                         /* check if it is a PAC */
00364                         got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data);
00365                         data_blob_free(&auth_data_wrapped);
00366 
00367                         if (got_auth_data_pac) {
00368                                 return true;
00369                         }
00370                 }
00371 
00372                 return got_auth_data_pac;
00373         }
00374 #endif
00375         return False;
00376 }

krb5_const_principal get_principal_from_tkt ( krb5_ticket *  tkt  ) 

clikrb5.c378 行で定義されています。

参照元 ads_verify_ticket().

00379 {
00380 #if defined(HAVE_KRB5_TKT_ENC_PART2)
00381         return tkt->enc_part2->client;
00382 #else
00383         return tkt->client;
00384 #endif
00385 }

krb5_error_code smb_krb5_locate_kdc ( krb5_context  ctx,
const krb5_data *  realm,
struct sockaddr **  addr_pp,
int *  naddrs,
int  get_masters 
)

clikrb5.c396 行で定義されています。

参照元 net_lookup_kdc().

00397 {
00398         krb5_krbhst_handle hnd;
00399         krb5_krbhst_info *hinfo;
00400         krb5_error_code rc;
00401         int num_kdcs, i;
00402         struct sockaddr *sa;
00403         struct addrinfo *ai;
00404 
00405         *addr_pp = NULL;
00406         *naddrs = 0;
00407 
00408         rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd);
00409         if (rc) {
00410                 DEBUG(0, ("smb_krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc)));
00411                 return rc;
00412         }
00413 
00414         for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++)
00415                 ;
00416 
00417         krb5_krbhst_reset(ctx, hnd);
00418 
00419         if (!num_kdcs) {
00420                 DEBUG(0, ("smb_krb5_locate_kdc: zero kdcs found !\n"));
00421                 krb5_krbhst_free(ctx, hnd);
00422                 return -1;
00423         }
00424 
00425         sa = SMB_MALLOC_ARRAY( struct sockaddr, num_kdcs );
00426         if (!sa) {
00427                 DEBUG(0, ("smb_krb5_locate_kdc: malloc failed\n"));
00428                 krb5_krbhst_free(ctx, hnd);
00429                 naddrs = 0;
00430                 return -1;
00431         }
00432 
00433         memset(sa, '\0', sizeof(struct sockaddr) * num_kdcs );
00434 
00435         for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) {
00436 
00437 #if defined(HAVE_KRB5_KRBHST_GET_ADDRINFO)
00438                 rc = krb5_krbhst_get_addrinfo(ctx, hinfo, &ai);
00439                 if (rc) {
00440                         DEBUG(0,("krb5_krbhst_get_addrinfo failed: %s\n", error_message(rc)));
00441                         continue;
00442                 }
00443 #endif
00444                 if (hinfo->ai && hinfo->ai->ai_family == AF_INET) 
00445                         memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr));
00446         }
00447 
00448         krb5_krbhst_free(ctx, hnd);
00449 
00450         *naddrs = num_kdcs;
00451         *addr_pp = sa;
00452         return 0;
00453 }

void krb5_free_unparsed_name ( krb5_context  context,
char *  val 
)

clikrb5.c477 行で定義されています。

参照元 smb_krb5_unparse_name().

00478 {
00479         SAFE_FREE(val);
00480 }

void kerberos_free_data_contents ( krb5_context  context,
krb5_data *  pdata 
)

clikrb5.c483 行で定義されています。

参照元 ads_verify_ticket()cli_krb5_get_ticket()make_krb5_skew_error().

00484 {
00485 #if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
00486         if (pdata->data) {
00487                 krb5_free_data_contents(context, pdata);
00488         }
00489 #else
00490         SAFE_FREE(pdata->data);
00491 #endif
00492 }

void kerberos_set_creds_enctype ( krb5_creds *  pcreds,
int  enctype 
)

clikrb5.c494 行で定義されています。

00495 {
00496 #if defined(HAVE_KRB5_KEYBLOCK_IN_CREDS)
00497         KRB5_KEY_TYPE((&pcreds->keyblock)) = enctype;
00498 #elif defined(HAVE_KRB5_SESSION_IN_CREDS)
00499         KRB5_KEY_TYPE((&pcreds->session)) = enctype;
00500 #else
00501 #error UNKNOWN_KEYBLOCK_MEMBER_IN_KRB5_CREDS_STRUCT
00502 #endif
00503 }

BOOL kerberos_compatible_enctypes ( krb5_context  context,
krb5_enctype  enctype1,
krb5_enctype  enctype2 
)

clikrb5.c505 行で定義されています。

00508 {
00509 #if defined(HAVE_KRB5_C_ENCTYPE_COMPARE)
00510         krb5_boolean similar = 0;
00511 
00512         krb5_c_enctype_compare(context, enctype1, enctype2, &similar);
00513         return similar ? True : False;
00514 #elif defined(HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS)
00515         return krb5_enctypes_compatible_keys(context, enctype1, enctype2) ? True : False;
00516 #endif
00517 }

static BOOL ads_cleanup_expired_creds ( krb5_context  context,
krb5_ccache  ccache,
krb5_creds *  credsp 
) [static]

clikrb5.c519 行で定義されています。

参照先 http_timestring()strequal().

参照元 ads_krb5_mk_req().

00522 {
00523         krb5_error_code retval;
00524         const char *cc_type = krb5_cc_get_type(context, ccache);
00525 
00526         DEBUG(3, ("ads_cleanup_expired_creds: Ticket in ccache[%s:%s] expiration %s\n",
00527                   cc_type, krb5_cc_get_name(context, ccache),
00528                   http_timestring(credsp->times.endtime)));
00529 
00530         /* we will probably need new tickets if the current ones
00531            will expire within 10 seconds.
00532         */
00533         if (credsp->times.endtime >= (time(NULL) + 10))
00534                 return False;
00535 
00536         /* heimdal won't remove creds from a file ccache, and 
00537            perhaps we shouldn't anyway, since internally we 
00538            use memory ccaches, and a FILE one probably means that
00539            we're using creds obtained outside of our exectuable
00540         */
00541         if (strequal(cc_type, "FILE")) {
00542                 DEBUG(5, ("ads_cleanup_expired_creds: We do not remove creds from a %s ccache\n", cc_type));
00543                 return False;
00544         }
00545 
00546         retval = krb5_cc_remove_cred(context, ccache, 0, credsp);
00547         if (retval) {
00548                 DEBUG(1, ("ads_cleanup_expired_creds: krb5_cc_remove_cred failed, err %s\n",
00549                           error_message(retval)));
00550                 /* If we have an error in this, we want to display it,
00551                    but continue as though we deleted it */
00552         }
00553         return True;
00554 }

static krb5_error_code ads_krb5_mk_req ( krb5_context  context,
krb5_auth_context *  auth_context,
const krb5_flags  ap_req_options,
const char *  principal,
krb5_ccache  ccache,
krb5_data *  outbuf,
time_t *  expire_time 
) [static]

clikrb5.c559 行で定義されています。

参照先 ads_cleanup_expired_creds()http_timestring()krb5_set_real_time()serversmb_krb5_parse_name()t.

参照元 cli_krb5_get_ticket().

00566 {
00567         krb5_error_code           retval;
00568         krb5_principal    server;
00569         krb5_creds              * credsp;
00570         krb5_creds                creds;
00571         krb5_data in_data;
00572         BOOL creds_ready = False;
00573         int i = 0, maxtries = 3;
00574         
00575         retval = smb_krb5_parse_name(context, principal, &server);
00576         if (retval) {
00577                 DEBUG(1,("ads_krb5_mk_req: Failed to parse principal %s\n", principal));
00578                 return retval;
00579         }
00580         
00581         /* obtain ticket & session key */
00582         ZERO_STRUCT(creds);
00583         if ((retval = krb5_copy_principal(context, server, &creds.server))) {
00584                 DEBUG(1,("ads_krb5_mk_req: krb5_copy_principal failed (%s)\n", 
00585                          error_message(retval)));
00586                 goto cleanup_princ;
00587         }
00588         
00589         if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
00590                 /* This can commonly fail on smbd startup with no ticket in the cache.
00591                  * Report at higher level than 1. */
00592                 DEBUG(3,("ads_krb5_mk_req: krb5_cc_get_principal failed (%s)\n", 
00593                          error_message(retval)));
00594                 goto cleanup_creds;
00595         }
00596 
00597         while (!creds_ready && (i < maxtries)) {
00598 
00599                 if ((retval = krb5_get_credentials(context, 0, ccache, 
00600                                                    &creds, &credsp))) {
00601                         DEBUG(1,("ads_krb5_mk_req: krb5_get_credentials failed for %s (%s)\n",
00602                                  principal, error_message(retval)));
00603                         goto cleanup_creds;
00604                 }
00605 
00606                 /* cope with ticket being in the future due to clock skew */
00607                 if ((unsigned)credsp->times.starttime > time(NULL)) {
00608                         time_t t = time(NULL);
00609                         int time_offset =(int)((unsigned)credsp->times.starttime-t);
00610                         DEBUG(4,("ads_krb5_mk_req: Advancing clock by %d seconds to cope with clock skew\n", time_offset));
00611                         krb5_set_real_time(context, t + time_offset + 1, 0);
00612                 }
00613 
00614                 if (!ads_cleanup_expired_creds(context, ccache, credsp)) {
00615                         creds_ready = True;
00616                 }
00617 
00618                 i++;
00619         }
00620 
00621         DEBUG(10,("ads_krb5_mk_req: Ticket (%s) in ccache (%s:%s) is valid until: (%s - %u)\n",
00622                   principal, krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache),
00623                   http_timestring((unsigned)credsp->times.endtime), 
00624                   (unsigned)credsp->times.endtime));
00625 
00626         if (expire_time) {
00627                 *expire_time = (time_t)credsp->times.endtime;
00628         }
00629 
00630         in_data.length = 0;
00631         retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
00632                                       &in_data, credsp, outbuf);
00633         if (retval) {
00634                 DEBUG(1,("ads_krb5_mk_req: krb5_mk_req_extended failed (%s)\n", 
00635                          error_message(retval)));
00636         }
00637         
00638         krb5_free_creds(context, credsp);
00639 
00640 cleanup_creds:
00641         krb5_free_cred_contents(context, &creds);
00642 
00643 cleanup_princ:
00644         krb5_free_principal(context, server);
00645 
00646         return retval;
00647 }

int cli_krb5_get_ticket ( const char *  principal,
time_t  time_offset,
DATA_BLOB ticket,
DATA_BLOB session_key_krb5,
uint32  extra_ap_opts,
const char *  ccname,
time_t *  tgs_expire 
)

clikrb5.c652 行で定義されています。

参照先 ads_krb5_mk_req()data_blob()failedget_krb5_smb_session_key()kerberos_free_data_contents()krb5_set_default_tgs_ktypes()krb5_set_real_time()packet.

参照元 create_krb5_auth_bind_req()handle_krb5_mech()manage_client_krb5_init()spnego_gen_negTokenTarg()winbindd_raw_kerberos_login().

00657 {
00658         krb5_error_code retval;
00659         krb5_data packet;
00660         krb5_context context = NULL;
00661         krb5_ccache ccdef = NULL;
00662         krb5_auth_context auth_context = NULL;
00663         krb5_enctype enc_types[] = {
00664 #ifdef ENCTYPE_ARCFOUR_HMAC
00665                 ENCTYPE_ARCFOUR_HMAC,
00666 #endif 
00667                 ENCTYPE_DES_CBC_MD5, 
00668                 ENCTYPE_DES_CBC_CRC, 
00669                 ENCTYPE_NULL};
00670 
00671         initialize_krb5_error_table();
00672         retval = krb5_init_context(&context);
00673         if (retval) {
00674                 DEBUG(1,("cli_krb5_get_ticket: krb5_init_context failed (%s)\n", 
00675                          error_message(retval)));
00676                 goto failed;
00677         }
00678 
00679         if (time_offset != 0) {
00680                 krb5_set_real_time(context, time(NULL) + time_offset, 0);
00681         }
00682 
00683         if ((retval = krb5_cc_resolve(context, ccname ?
00684                         ccname : krb5_cc_default_name(context), &ccdef))) {
00685                 DEBUG(1,("cli_krb5_get_ticket: krb5_cc_default failed (%s)\n",
00686                          error_message(retval)));
00687                 goto failed;
00688         }
00689 
00690         if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
00691                 DEBUG(1,("cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (%s)\n",
00692                          error_message(retval)));
00693                 goto failed;
00694         }
00695 
00696         if ((retval = ads_krb5_mk_req(context, 
00697                                         &auth_context, 
00698                                         AP_OPTS_USE_SUBKEY | (krb5_flags)extra_ap_opts,
00699                                         principal,
00700                                         ccdef, &packet,
00701                                         tgs_expire))) {
00702                 goto failed;
00703         }
00704 
00705         get_krb5_smb_session_key(context, auth_context, session_key_krb5, False);
00706 
00707         *ticket = data_blob(packet.data, packet.length);
00708 
00709         kerberos_free_data_contents(context, &packet); 
00710 
00711 failed:
00712 
00713         if ( context ) {
00714                 if (ccdef)
00715                         krb5_cc_close(context, ccdef);
00716                 if (auth_context)
00717                         krb5_auth_con_free(context, auth_context);
00718                 krb5_free_context(context);
00719         }
00720                 
00721         return retval;
00722 }

BOOL get_krb5_smb_session_key ( krb5_context  context,
krb5_auth_context  auth_context,
DATA_BLOB session_key,
BOOL  remote 
)

clikrb5.c724 行で定義されています。

参照先 data_blob_::datadata_blob()dump_data_pw()errdata_blob_::length.

参照元 ads_verify_ticket()cli_krb5_get_ticket().

00725  {
00726         krb5_keyblock *skey;
00727         krb5_error_code err;
00728         BOOL ret = False;
00729 
00730         if (remote)
00731                 err = krb5_auth_con_getremotesubkey(context, auth_context, &skey);
00732         else
00733                 err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey);
00734         if (err == 0 && skey != NULL) {
00735                 DEBUG(10, ("Got KRB5 session key of length %d\n",  (int)KRB5_KEY_LENGTH(skey)));
00736                 *session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
00737                 dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
00738 
00739                 ret = True;
00740 
00741                 krb5_free_keyblock(context, skey);
00742         } else {
00743                 DEBUG(10, ("KRB5 error getting session key %d\n", err));
00744         }
00745 
00746         return ret;
00747  }

const krb5_data* krb5_princ_component ( krb5_context  context,
krb5_principal  principal,
int  i 
)

krb5_error_code smb_krb5_kt_free_entry ( krb5_context  context,
krb5_keytab_entry *  kt_entry 
)

clikrb5.c763 行で定義されています。

参照元 ads_keytab_create_default()ads_keytab_flush()ads_keytab_verify_ticket()get_key_from_keytab()smb_krb5_kt_add_entry().

00764 {
00765 #if defined(HAVE_KRB5_KT_FREE_ENTRY)
00766         return krb5_kt_free_entry(context, kt_entry);
00767 #elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
00768         return krb5_free_keytab_entry_contents(context, kt_entry);
00769 #else
00770 #error UNKNOWN_KT_FREE_FUNCTION
00771 #endif
00772 }

void smb_krb5_checksum_from_pac_sig ( krb5_checksum *  cksum,
PAC_SIGNATURE_DATA sig 
)

clikrb5.c774 行で定義されています。

参照先 RPC_DATA_BLOB::buf_lenRPC_DATA_BLOB::bufferpac_signature_data::signaturepac_signature_data::type.

参照元 check_pac_checksum().

00776 {
00777 #ifdef HAVE_CHECKSUM_IN_KRB5_CHECKSUM
00778         cksum->cksumtype        = (krb5_cksumtype)sig->type;
00779         cksum->checksum.length  = sig->signature.buf_len;
00780         cksum->checksum.data    = sig->signature.buffer;
00781 #else
00782         cksum->checksum_type    = (krb5_cksumtype)sig->type;
00783         cksum->length           = sig->signature.buf_len;
00784         cksum->contents         = sig->signature.buffer;
00785 #endif
00786 }

krb5_error_code smb_krb5_verify_checksum ( krb5_context  context,
krb5_keyblock *  keyblock,
krb5_keyusage  usage,
krb5_checksum *  cksum,
uint8 *  data,
size_t  length 
)

clikrb5.c788 行で定義されています。

参照元 check_pac_checksum().

00794 {
00795         krb5_error_code ret;
00796 
00797         /* verify the checksum */
00798 
00799         /* welcome to the wonderful world of samba's kerberos abstraction layer:
00800          * 
00801          * function                     heimdal 0.6.1rc3        heimdal 0.7     MIT krb 1.4.2
00802          * -----------------------------------------------------------------------------
00803          * krb5_c_verify_checksum       -                       works           works
00804          * krb5_verify_checksum         works (6 args)          works (6 args)  broken (7 args) 
00805          */
00806 
00807 #if defined(HAVE_KRB5_C_VERIFY_CHECKSUM)
00808         {
00809                 krb5_boolean checksum_valid = False;
00810                 krb5_data input;
00811 
00812                 input.data = (char *)data;
00813                 input.length = length;
00814 
00815                 ret = krb5_c_verify_checksum(context, 
00816                                              keyblock, 
00817                                              usage,
00818                                              &input, 
00819                                              cksum,
00820                                              &checksum_valid);
00821                 if (ret) {
00822                         DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n", 
00823                                 error_message(ret)));
00824                         return ret;
00825                 }
00826 
00827                 if (!checksum_valid)
00828                         ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
00829         }
00830 
00831 #elif KRB5_VERIFY_CHECKSUM_ARGS == 6 && defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CRYPTO) && defined(HAVE_KRB5_CRYPTO_DESTROY)
00832 
00833         /* Warning: MIT's krb5_verify_checksum cannot be used as it will use a key
00834          * without enctype and it ignores any key_usage types - Guenther */
00835 
00836         {
00837 
00838                 krb5_crypto crypto;
00839                 ret = krb5_crypto_init(context,
00840                                        keyblock,
00841                                        0,
00842                                        &crypto);
00843                 if (ret) {
00844                         DEBUG(0,("smb_krb5_verify_checksum: krb5_crypto_init() failed: %s\n", 
00845                                 error_message(ret)));
00846                         return ret;
00847                 }
00848 
00849                 ret = krb5_verify_checksum(context,
00850                                            crypto,
00851                                            usage,
00852                                            data,
00853                                            length,
00854                                            cksum);
00855 
00856                 krb5_crypto_destroy(context, crypto);
00857         }
00858 
00859 #else
00860 #error UNKNOWN_KRB5_VERIFY_CHECKSUM_FUNCTION
00861 #endif
00862 
00863         return ret;
00864 }

time_t get_authtime_from_tkt ( krb5_ticket *  tkt  ) 

clikrb5.c866 行で定義されています。

参照元 ads_verify_ticket().

00867 {
00868 #if defined(HAVE_KRB5_TKT_ENC_PART2)
00869         return tkt->enc_part2->times.authtime;
00870 #else
00871         return tkt->ticket.authtime;
00872 #endif
00873 }

static int get_kvno_from_ap_req ( krb5_ap_req *  ap_req  )  [static]

clikrb5.c876 行で定義されています。

参照元 smb_krb5_get_keyinfo_from_ap_req().

00877 {
00878 #ifdef HAVE_TICKET_POINTER_IN_KRB5_AP_REQ /* MIT */
00879         if (ap_req->ticket->enc_part.kvno)
00880                 return ap_req->ticket->enc_part.kvno;
00881 #else /* Heimdal */
00882         if (ap_req->ticket.enc_part.kvno) 
00883                 return *ap_req->ticket.enc_part.kvno;
00884 #endif
00885         return 0;
00886 }

static krb5_enctype get_enctype_from_ap_req ( krb5_ap_req *  ap_req  )  [static]

clikrb5.c888 行で定義されています。

参照元 smb_krb5_get_keyinfo_from_ap_req().

00889 {
00890 #ifdef HAVE_ETYPE_IN_ENCRYPTEDDATA /* Heimdal */
00891         return ap_req->ticket.enc_part.etype;
00892 #else /* MIT */
00893         return ap_req->ticket->enc_part.enctype;
00894 #endif
00895 }

static krb5_error_code get_key_from_keytab ( krb5_context  context,
krb5_const_principal  server,
krb5_enctype  enctype,
krb5_kvno  kvno,
krb5_keyblock **  out_key 
) [static]

clikrb5.c899 行で定義されています。

参照先 DEBUGLEVELnamesmb_krb5_kt_free_entry()smb_krb5_unparse_name().

参照元 krb5_rd_req_return_keyblock_from_keytab().

00904 {
00905         krb5_keytab_entry entry;
00906         krb5_error_code ret;
00907         krb5_keytab keytab;
00908         char *name = NULL;
00909 
00910         /* We have to open a new keytab handle here, as MIT does
00911            an implicit open/getnext/close on krb5_kt_get_entry. We
00912            may be in the middle of a keytab enumeration when this is
00913            called. JRA. */
00914 
00915         ret = krb5_kt_default(context, &keytab);
00916         if (ret) {
00917                 DEBUG(0,("get_key_from_keytab: failed to open keytab: %s\n", error_message(ret)));
00918                 return ret;
00919         }
00920 
00921         if ( DEBUGLEVEL >= 10 ) {
00922                 if (smb_krb5_unparse_name(context, server, &name) == 0) {
00923                         DEBUG(10,("get_key_from_keytab: will look for kvno %d, enctype %d and name: %s\n", 
00924                                 kvno, enctype, name));
00925                         SAFE_FREE(name);
00926                 }
00927         }
00928 
00929         ret = krb5_kt_get_entry(context,
00930                                 keytab,
00931                                 server,
00932                                 kvno,
00933                                 enctype,
00934                                 &entry);
00935 
00936         if (ret) {
00937                 DEBUG(0,("get_key_from_keytab: failed to retrieve key: %s\n", error_message(ret)));
00938                 goto out;
00939         }
00940 
00941 #ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */
00942         ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
00943 #elif defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) /* MIT */
00944         ret = krb5_copy_keyblock(context, &entry.key, out_key);
00945 #else
00946 #error UNKNOWN_KRB5_KEYTAB_ENTRY_FORMAT
00947 #endif
00948 
00949         if (ret) {
00950                 DEBUG(0,("get_key_from_keytab: failed to copy key: %s\n", error_message(ret)));
00951                 goto out;
00952         }
00953                 
00954         smb_krb5_kt_free_entry(context, &entry);
00955         
00956 out:    
00957         krb5_kt_close(context, keytab);
00958         return ret;
00959 }

krb5_error_code smb_krb5_get_keyinfo_from_ap_req ( krb5_context  context,
const krb5_data *  inbuf,
krb5_kvno *  kvno,
krb5_enctype *  enctype 
)

clikrb5.c963 行で定義されています。

参照先 get_enctype_from_ap_req()get_kvno_from_ap_req().

参照元 krb5_rd_req_return_keyblock_from_keytab().

00967 {
00968 #ifdef HAVE_KRB5_DECODE_AP_REQ /* Heimdal */
00969         {
00970                 krb5_error_code ret;
00971                 krb5_ap_req ap_req;
00972                 
00973                 ret = krb5_decode_ap_req(context, inbuf, &ap_req);
00974                 if (ret)
00975                         return ret;
00976 
00977                 *kvno = get_kvno_from_ap_req(&ap_req);
00978                 *enctype = get_enctype_from_ap_req(&ap_req);
00979 
00980                 free_AP_REQ(&ap_req);
00981                 return 0;
00982         }
00983 #endif
00984 
00985         /* Possibly not an appropriate error code. */
00986         return KRB5KDC_ERR_BADOPTION;
00987 }

krb5_error_code krb5_rd_req_return_keyblock_from_keytab ( krb5_context  context,
krb5_auth_context *  auth_context,
const krb5_data *  inbuf,
krb5_const_principal  server,
krb5_keytab  keytab,
krb5_flags *  ap_req_options,
krb5_ticket **  ticket,
krb5_keyblock **  keyblock 
)

clikrb5.c989 行で定義されています。

参照先 get_key_from_keytab()smb_krb5_get_keyinfo_from_ap_req().

参照元 ads_keytab_verify_ticket().

00997 {
00998         krb5_error_code ret;
00999         krb5_kvno kvno;
01000         krb5_enctype enctype;
01001         krb5_keyblock *local_keyblock;
01002 
01003         ret = krb5_rd_req(context, 
01004                           auth_context, 
01005                           inbuf, 
01006                           server, 
01007                           keytab, 
01008                           ap_req_options, 
01009                           ticket);
01010         if (ret) {
01011                 return ret;
01012         }
01013         
01014 #ifdef KRB5_TICKET_HAS_KEYINFO
01015         enctype = (*ticket)->enc_part.enctype;
01016         kvno = (*ticket)->enc_part.kvno;
01017 #else
01018         ret = smb_krb5_get_keyinfo_from_ap_req(context, inbuf, &kvno, &enctype);
01019         if (ret) {
01020                 return ret;
01021         }
01022 #endif
01023 
01024         ret = get_key_from_keytab(context, 
01025                                   server,
01026                                   enctype,
01027                                   kvno,
01028                                   &local_keyblock);
01029         if (ret) {
01030                 DEBUG(0,("krb5_rd_req_return_keyblock_from_keytab: failed to call get_key_from_keytab\n"));
01031                 goto out;
01032         }
01033 
01034 out:
01035         if (ret && local_keyblock != NULL) {
01036                 krb5_free_keyblock(context, local_keyblock);
01037         } else {
01038                 *keyblock = local_keyblock;
01039         }
01040 
01041         return ret;
01042 }

krb5_error_code smb_krb5_parse_name_norealm ( krb5_context  context,
const char *  name,
krb5_principal *  principal 
)

clikrb5.c1044 行で定義されています。

参照先 smb_krb5_parse_name()smb_krb5_parse_name_norealm_conv().

01047 {
01048 #ifdef HAVE_KRB5_PARSE_NAME_NOREALM
01049         return smb_krb5_parse_name_norealm_conv(context, name, principal);
01050 #endif
01051 
01052         /* we are cheating here because parse_name will in fact set the realm.
01053          * We don't care as the only caller of smb_krb5_parse_name_norealm
01054          * ignores the realm anyway when calling
01055          * smb_krb5_principal_compare_any_realm later - Guenther */
01056 
01057         return smb_krb5_parse_name(context, name, principal);
01058 }

BOOL smb_krb5_principal_compare_any_realm ( krb5_context  context,
krb5_const_principal  princ1,
krb5_const_principal  princ2 
)

clikrb5.c1060 行で定義されています。

参照先 krb5_princ_component().

01063 {
01064 #ifdef HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM
01065 
01066         return krb5_principal_compare_any_realm(context, princ1, princ2);
01067 
01068 /* krb5_princ_size is a macro in MIT */
01069 #elif defined(HAVE_KRB5_PRINC_SIZE) || defined(krb5_princ_size)
01070 
01071         int i, len1, len2;
01072         const krb5_data *p1, *p2;
01073 
01074         len1 = krb5_princ_size(context, princ1);
01075         len2 = krb5_princ_size(context, princ2);
01076 
01077         if (len1 != len2)
01078                 return False;
01079 
01080         for (i = 0; i < len1; i++) {
01081 
01082                 p1 = krb5_princ_component(context, CONST_DISCARD(krb5_principal, princ1), i);
01083                 p2 = krb5_princ_component(context, CONST_DISCARD(krb5_principal, princ2), i);
01084 
01085                 if (p1->length != p2->length || memcmp(p1->data, p2->data, p1->length))
01086                         return False;
01087         }
01088 
01089         return True;
01090 #else
01091 #error NO_SUITABLE_PRINCIPAL_COMPARE_FUNCTION
01092 #endif
01093 }

krb5_error_code smb_krb5_renew_ticket ( const char *  ccache_string,
const char *  client_string,
const char *  service_string,
time_t *  expire_time 
)

clikrb5.c1095 行で定義されています。

参照先 flagssmb_krb5_parse_name().

参照元 krb5_ticket_refresh_handler().

01095                                                                                :/tmp/krb5cc_0 */
01096                                        const char *client_string,       /* gd@BER.SUSE.DE */
01097                                        const char *service_string,      /* krbtgt/BER.SUSE.DE@BER.SUSE.DE */
01098                                        time_t *expire_time)
01099 {
01100         krb5_error_code ret;
01101         krb5_context context = NULL;
01102         krb5_ccache ccache = NULL;
01103         krb5_principal client = NULL;
01104 
01105         initialize_krb5_error_table();
01106         ret = krb5_init_context(&context);
01107         if (ret) {
01108                 goto done;
01109         }
01110 
01111         if (!ccache_string) {
01112                 ccache_string = krb5_cc_default_name(context);
01113         }
01114 
01115         DEBUG(10,("smb_krb5_renew_ticket: using %s as ccache\n", ccache_string));
01116 
01117         /* FIXME: we should not fall back to defaults */
01118         ret = krb5_cc_resolve(context, CONST_DISCARD(char *, ccache_string), &ccache);
01119         if (ret) {
01120                 goto done;
01121         }
01122 
01123 #ifdef HAVE_KRB5_GET_RENEWED_CREDS      /* MIT */
01124         {
01125                 krb5_creds creds;
01126         
01127                 if (client_string) {
01128                         ret = smb_krb5_parse_name(context, client_string, &client);
01129                         if (ret) {
01130                                 goto done;
01131                         }
01132                 } else {
01133                         ret = krb5_cc_get_principal(context, ccache, &client);
01134                         if (ret) {
01135                                 goto done;
01136                         }
01137                 }
01138         
01139                 ret = krb5_get_renewed_creds(context, &creds, client, ccache, CONST_DISCARD(char *, service_string));
01140                 if (ret) {
01141                         DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
01142                         goto done;
01143                 }
01144 
01145                 /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */
01146                 ret = krb5_cc_initialize(context, ccache, client);
01147                 if (ret) {
01148                         goto done;
01149                 }
01150         
01151                 ret = krb5_cc_store_cred(context, ccache, &creds);
01152 
01153                 if (expire_time) {
01154                         *expire_time = (time_t) creds.times.endtime;
01155                 }
01156 
01157                 krb5_free_cred_contents(context, &creds);
01158         }
01159 #elif defined(HAVE_KRB5_GET_KDC_CRED)   /* Heimdal */
01160         {
01161                 krb5_kdc_flags flags;
01162                 krb5_creds creds_in;
01163                 krb5_realm *client_realm;
01164                 krb5_creds *creds;
01165 
01166                 memset(&creds_in, 0, sizeof(creds_in));
01167 
01168                 if (client_string) {
01169                         ret = smb_krb5_parse_name(context, client_string, &creds_in.client);
01170                         if (ret) {
01171                                 goto done;
01172                         }
01173                 } else {
01174                         ret = krb5_cc_get_principal(context, ccache, &creds_in.client);
01175                         if (ret) {
01176                                 goto done;
01177                         }
01178                 }
01179 
01180                 if (service_string) {
01181                         ret = smb_krb5_parse_name(context, service_string, &creds_in.server);
01182                         if (ret) { 
01183                                 goto done;
01184                         }
01185                 } else {
01186                         /* build tgt service by default */
01187                         client_realm = krb5_princ_realm(context, creds_in.client);
01188                         if (!client_realm) {
01189                                 ret = ENOMEM;
01190                                 goto done;
01191                         }
01192                         ret = krb5_make_principal(context, &creds_in.server, *client_realm, KRB5_TGS_NAME, *client_realm, NULL);
01193                         if (ret) {
01194                                 goto done;
01195                         }
01196                 }
01197 
01198                 flags.i = 0;
01199                 flags.b.renewable = flags.b.renew = True;
01200 
01201                 ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &creds_in, &creds);
01202                 if (ret) {
01203                         DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
01204                         goto done;
01205                 }
01206                 
01207                 /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */
01208                 ret = krb5_cc_initialize(context, ccache, creds_in.client);
01209                 if (ret) {
01210                         goto done;
01211                 }
01212         
01213                 ret = krb5_cc_store_cred(context, ccache, creds);
01214 
01215                 if (expire_time) {
01216                         *expire_time = (time_t) creds->times.endtime;
01217                 }
01218                                                 
01219                 krb5_free_cred_contents(context, &creds_in);
01220                 krb5_free_creds(context, creds);
01221         }
01222 #else
01223 #error No suitable krb5 ticket renew function available
01224 #endif
01225 
01226 
01227 done:
01228         if (client) {
01229                 krb5_free_principal(context, client);
01230         }
01231         if (context) {
01232                 krb5_free_context(context);
01233         }
01234         if (ccache) {
01235                 krb5_cc_close(context, ccache);
01236         }
01237 
01238         return ret;
01239     
01240 }

krb5_error_code smb_krb5_free_addresses ( krb5_context  context,
smb_krb5_addresses addr 
)

clikrb5.c1242 行で定義されています。

参照先 smb_krb5_addresses::addrs.

参照元 kerberos_kinit_password_ext().

01243 {
01244         krb5_error_code ret = 0;
01245         if (addr == NULL) {
01246                 return ret;
01247         }
01248 #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
01249         krb5_free_addresses(context, addr->addrs);
01250 #elif defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* Heimdal */
01251         ret = krb5_free_addresses(context, addr->addrs);
01252         SAFE_FREE(addr->addrs);
01253 #endif
01254         SAFE_FREE(addr);
01255         addr = NULL;
01256         return ret;
01257 }

krb5_error_code smb_krb5_gen_netbios_krb5_address ( smb_krb5_addresses **  kerb_addr  ) 

clikrb5.c1259 行で定義されています。

参照先 bufglobal_mynameput_name().

参照元 kerberos_kinit_password_ext().

01260 {
01261         krb5_error_code ret = 0;
01262         nstring buf;
01263 #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
01264         krb5_address **addrs = NULL;
01265 #elif defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* Heimdal */
01266         krb5_addresses *addrs = NULL;
01267 #endif
01268 
01269         *kerb_addr = (smb_krb5_addresses *)SMB_MALLOC(sizeof(smb_krb5_addresses));
01270         if (*kerb_addr == NULL) {
01271                 return ENOMEM;
01272         }
01273 
01274         put_name(buf, global_myname(), ' ', 0x20);
01275 
01276 #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
01277         {
01278                 int num_addr = 2;
01279 
01280                 addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr);
01281                 if (addrs == NULL) {
01282                         SAFE_FREE(kerb_addr);
01283                         return ENOMEM;
01284                 }
01285 
01286                 memset(addrs, 0, sizeof(krb5_address *) * num_addr);
01287 
01288                 addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
01289                 if (addrs[0] == NULL) {
01290                         SAFE_FREE(addrs);
01291                         SAFE_FREE(kerb_addr);
01292                         return ENOMEM;
01293                 }
01294 
01295                 addrs[0]->magic = KV5M_ADDRESS;
01296                 addrs[0]->addrtype = KRB5_ADDR_NETBIOS;
01297                 addrs[0]->length = MAX_NETBIOSNAME_LEN;
01298                 addrs[0]->contents = (unsigned char *)SMB_MALLOC(addrs[0]->length);
01299                 if (addrs[0]->contents == NULL) {
01300                         SAFE_FREE(addrs[0]);
01301                         SAFE_FREE(addrs);
01302                         SAFE_FREE(kerb_addr);
01303                         return ENOMEM;
01304                 }
01305 
01306                 memcpy(addrs[0]->contents, buf, addrs[0]->length);
01307 
01308                 addrs[1] = NULL;
01309         }
01310 #elif defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* Heimdal */
01311         {
01312                 addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses));
01313                 if (addrs == NULL) {
01314                         SAFE_FREE(kerb_addr);
01315                         return ENOMEM;
01316                 }
01317 
01318                 memset(addrs, 0, sizeof(krb5_addresses));
01319 
01320                 addrs->len = 1;
01321                 addrs->val = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
01322                 if (addrs->val == NULL) {
01323                         SAFE_FREE(addrs);
01324                         SAFE_FREE(kerb_addr);
01325                         return ENOMEM;
01326                 }
01327 
01328                 addrs->val[0].addr_type = KRB5_ADDR_NETBIOS;
01329                 addrs->val[0].address.length = MAX_NETBIOSNAME_LEN;
01330                 addrs->val[0].address.data = (unsigned char *)SMB_MALLOC(addrs->val[0].address.length);
01331                 if (addrs->val[0].address.data == NULL) {
01332                         SAFE_FREE(addrs->val);
01333                         SAFE_FREE(addrs);
01334                         SAFE_FREE(kerb_addr);
01335                         return ENOMEM;
01336                 }
01337 
01338                 memcpy(addrs->val[0].address.data, buf, addrs->val[0].address.length);
01339         }
01340 #else
01341 #error UNKNOWN_KRB5_ADDRESS_FORMAT
01342 #endif
01343         (*kerb_addr)->addrs = addrs;
01344 
01345         return ret;
01346 }

void smb_krb5_free_error ( krb5_context  context,
krb5_error *  krberror 
)

clikrb5.c1348 行で定義されています。

参照元 handle_krberror_packet().

01349 {
01350 #ifdef HAVE_KRB5_FREE_ERROR_CONTENTS /* Heimdal */
01351         krb5_free_error_contents(context, krberror);
01352 #else /* MIT */
01353         krb5_free_error(context, krberror);
01354 #endif
01355 }

krb5_error_code handle_krberror_packet ( krb5_context  context,
krb5_data *  packet 
)

clikrb5.c1357 行で定義されています。

参照先 smb_krb5_free_error().

参照元 parse_setpw_reply().

01359 {
01360         krb5_error_code ret;
01361         BOOL got_error_code = False;
01362 
01363         DEBUG(10,("handle_krberror_packet: got error packet\n"));
01364         
01365 #ifdef HAVE_E_DATA_POINTER_IN_KRB5_ERROR /* Heimdal */
01366         {
01367                 krb5_error krberror;
01368 
01369                 if ((ret = krb5_rd_error(context, packet, &krberror))) {
01370                         DEBUG(10,("handle_krberror_packet: krb5_rd_error failed with: %s\n", 
01371                                 error_message(ret)));
01372                         return ret;
01373                 }
01374 
01375                 if (krberror.e_data == NULL || krberror.e_data->data == NULL) {
01376                         ret = (krb5_error_code) krberror.error_code;
01377                         got_error_code = True;
01378                 }
01379 
01380                 smb_krb5_free_error(context, &krberror);
01381         }
01382 #else /* MIT */
01383         {
01384                 krb5_error *krberror;
01385 
01386                 if ((ret = krb5_rd_error(context, packet, &krberror))) {
01387                         DEBUG(10,("handle_krberror_packet: krb5_rd_error failed with: %s\n", 
01388                                 error_message(ret)));
01389                         return ret;
01390                 }
01391 
01392                 if (krberror->e_data.data == NULL) {
01393                         ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
01394                         got_error_code = True;
01395                 }
01396                 smb_krb5_free_error(context, krberror);
01397         }
01398 #endif
01399         if (got_error_code) {
01400                 DEBUG(5,("handle_krberror_packet: got KERBERR from kpasswd: %s (%d)\n", 
01401                         error_message(ret), ret));
01402         }
01403         return ret;
01404 }

krb5_error_code smb_krb5_get_init_creds_opt_alloc ( krb5_context  context,
krb5_get_init_creds_opt **  opt 
)

clikrb5.c1406 行で定義されています。

参照元 kerberos_kinit_password_ext().

01408 {
01409 #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
01410         /* Heimdal or modern MIT version */
01411         return krb5_get_init_creds_opt_alloc(context, opt);
01412 #else
01413         /* Historical MIT version */
01414         krb5_get_init_creds_opt *my_opt;
01415 
01416         *opt = NULL;
01417 
01418         if ((my_opt = SMB_MALLOC(sizeof(krb5_get_init_creds_opt))) == NULL) {
01419                 return ENOMEM;
01420         }
01421 
01422         krb5_get_init_creds_opt_init(my_opt);
01423 
01424         *opt =  my_opt;
01425         return 0;
01426 #endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC  */
01427 }

void smb_krb5_get_init_creds_opt_free ( krb5_context  context,
krb5_get_init_creds_opt *  opt 
)

clikrb5.c1429 行で定義されています。

参照元 kerberos_kinit_password_ext().

01431 {
01432 #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE
01433 
01434 #ifdef KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT
01435         /* Modern MIT version */
01436         krb5_get_init_creds_opt_free(context, opt);
01437 #else
01438         /* Heimdal version */
01439         krb5_get_init_creds_opt_free(opt);
01440 #endif
01441 
01442 #else /* HAVE_KRB5_GET_INIT_CREDS_OPT_FREE */
01443         /* Historical MIT version */
01444         SAFE_FREE(opt);
01445         opt = NULL;
01446 #endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_FREE */
01447 }

krb5_error_code smb_krb5_mk_error ( krb5_context  context,
krb5_error_code  error_code,
const krb5_principal  server,
krb5_data *  reply 
)

clikrb5.c1449 行で定義されています。

参照元 make_krb5_skew_error().

01453 {
01454 #ifdef HAVE_SHORT_KRB5_MK_ERROR_INTERFACE /* MIT */
01455         /*
01456          * The MIT interface is *terrible*.
01457          * We have to construct this ourselves...
01458          */
01459         krb5_error e;
01460 
01461         memset(&e, 0, sizeof(e));
01462         krb5_us_timeofday(context, &e.stime, &e.susec);
01463         e.server = server;
01464 #if defined(krb5_err_base)
01465         e.error = error_code - krb5_err_base;
01466 #elif defined(ERROR_TABLE_BASE_krb5)
01467         e.error = error_code - ERROR_TABLE_BASE_krb5;
01468 #else
01469         e.error = error_code; /* Almost certainly wrong, but what can we do... ? */
01470 #endif
01471 
01472         return krb5_mk_error(context, &e, reply);
01473 #else /* Heimdal. */
01474         return krb5_mk_error(context,
01475                                 error_code,
01476                                 NULL,
01477                                 NULL, /* e_data */
01478                                 NULL,
01479                                 server,
01480                                 NULL,
01481                                 NULL,
01482                                 reply);
01483 #endif
01484 }


Sambaに対してSat Aug 29 21:23:47 2009に生成されました。  doxygen 1.4.7