2 * lib/krb5/krb/init_ctx.c
4 * Copyright 1994 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. M.I.T. makes no representations about the suitability of
20 * this software for any purpose. It is provided "as is" without express
21 * or implied warranty.
29 #if (defined(_MSDOS) || defined(_WIN32))
30 extern void krb5_win_do_init();
/*
 * krb5_init_context: build a new library context. The visible steps are:
 * malloc a struct _krb5_context, zero it, set its magic to KV5M_CONTEXT,
 * install the default enctype lists, run krb5_os_init_context(), then read
 * integer tunables from the "libdefaults" profile section into the context.
 *
 * NOTE(review): this listing skips source lines (see the gutter numbers),
 * so the malloc() NULL check, the error branches after each retval test
 * and the final store through *context are not visible - confirm them
 * against the full file. None of the visible profile_get_integer() calls
 * has its return value checked.
 */
33 krb5_error_code INTERFACE
34 krb5_init_context(context)
35 krb5_context *context;
38 krb5_error_code retval;
41 #if (defined(_MSDOS) || defined(_WIN32))
43 * krb5_win_do_init() is defined in win_glue.c, and this is
44 * where we handle the timebomb and version server checks.
/* The context starts as all-zero bytes; krb5_free_context() tests pointer
 * fields before freeing them, so a partly built context can be handed to
 * it on failure. */
51 ctx = malloc(sizeof(struct _krb5_context));
54 memset(ctx, 0, sizeof(struct _krb5_context));
55 ctx->magic = KV5M_CONTEXT;
/* NULL is passed as the enctype list: presumably "no application
 * override"; the NULL handling inside the setters is not visible in this
 * listing - confirm. */
57 /* Set the default encryption types, possibly defined in krb5.conf */
58 if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
61 if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
64 if ((retval = krb5_os_init_context(ctx)))
/* No default realm yet; krb5_free_context() frees it only when non-NULL. */
67 ctx->default_realm = 0;
68 profile_get_integer(ctx->profile, "libdefaults", "clockskew",
73 /* Default ticket lifetime is currently not supported */
/* Fallback is 10 * 60 * 60 = 36000 (presumably seconds, i.e. ten hours). */
74 profile_get_integer(ctx->profile, "libdefaults", "tkt_lifetime",
75 0, 10 * 60 * 60, &tmp);
76 ctx->tkt_lifetime = tmp;
79 /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */
80 /* For DCE, add kdc_req_checksum_type = 2 to krb5.conf */
/* The built-in checksum defaults below are MD5-based (CKSUMTYPE_RSA_MD5,
 * and CKSUMTYPE_RSA_MD5_DES for safe messages). MD5 and single DES are no
 * longer considered strong; sites should set these libdefaults keys to the
 * strongest checksum type their peers support. */
81 profile_get_integer(ctx->profile, "libdefaults",
82 "kdc_req_checksum_type", 0, CKSUMTYPE_RSA_MD5,
84 ctx->kdc_req_sumtype = tmp;
86 profile_get_integer(ctx->profile, "libdefaults",
87 "ap_req_checksum_type", 0, CKSUMTYPE_RSA_MD5,
89 ctx->default_ap_req_sumtype = tmp;
91 profile_get_integer(ctx->profile, "libdefaults",
92 "safe_checksum_type", 0,
93 CKSUMTYPE_RSA_MD5_DES, &tmp);
94 ctx->default_safe_sumtype = tmp;
96 profile_get_integer(ctx->profile, "libdefaults",
97 "kdc_default_options", 0,
98 KDC_OPT_RENEWABLE_OK, &tmp);
/* NOTE(review): the value just read into tmp is discarded - the field is
 * set to the constant, so a kdc_default_options entry in the profile has
 * no effect here. Assigning tmp looks like the intent; confirm. */
99 ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK;
/* Two alternative defaults; the #if/#else that picks one is not shown. */
101 #define DEFAULT_KDC_TIMESYNC 1
103 #define DEFAULT_KDC_TIMESYNC 0
105 profile_get_integer(ctx->profile, "libdefaults",
106 "kdc_timesync", 0, DEFAULT_KDC_TIMESYNC,
/* Any non-zero setting selects KRB5_LIBOPT_SYNC_KDCTIME; zero leaves
 * library_options at 0. */
108 ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
111 * We use a default file credentials cache of 3. See
112 * lib/krb5/krb/ccache/file/fcc.h for a description of the
113 * credentials cache types.
115 * Note: DCE 1.0.3a only supports a cache type of 1
116 * DCE 1.1 supports a cache type of 2.
/* NOTE(review): the text above gives the default as 3, but one of the two
 * alternative defines below is 4; the selecting #if is not shown. */
119 #define DEFAULT_CCACHE_TYPE 4
121 #define DEFAULT_CCACHE_TYPE 3
123 profile_get_integer(ctx->profile, "libdefaults", "ccache_type",
124 0, DEFAULT_CCACHE_TYPE, &tmp);
/* NOTE(review): tmp comes straight from the profile and is not range
 * checked on the visible lines before 0x0500 is added; an unexpected
 * ccache_type yields a format value the ccache code may not recognise.
 * Consider validating it against the supported cache types. */
125 ctx->fcc_default_format = tmp + 0x0500;
126 ctx->scc_default_format = tmp + 0x0500;
/* Presumably the failure path (label and return are not shown): tear down
 * the partly initialised context. */
132 krb5_free_context(ctx);
/*
 * krb5_free_context: release what a context owns. Visible steps: call
 * krb5_os_free_context(), then free the in_tkt and tgs enctype lists and
 * the default realm string. in_tkt_ktypes and default_realm are tested for
 * non-NULL first, which is what lets krb5_init_context() call this on a
 * zero-filled, partly initialised context.
 *
 * NOTE(review): the listing skips lines, so the guard before
 * free(ctx->tgs_ktypes), the body of the ser_ctx test, and whether ctx
 * itself is freed or its magic cleared are not visible - confirm. No freed
 * field is reset to NULL on the visible lines, so the context should be
 * treated as dead after this call.
 */
137 krb5_free_context(ctx)
140 krb5_os_free_context(ctx);
142 if (ctx->in_tkt_ktypes)
143 free(ctx->in_tkt_ktypes);
146 free(ctx->tgs_ktypes);
148 if (ctx->default_realm)
149 free(ctx->default_realm);
/* Serializer state is touched only when both the count and the pointer
 * are non-zero; the action taken is on lines not shown. */
151 if (ctx->ser_ctx_count && ctx->ser_ctx)
159 * Set the desired default ktypes, making sure they are valid.
/*
 * krb5_set_default_in_tkt_ktypes: replace the context's initial-ticket
 * enctype list with a private copy of ktypes. The input is scanned up to
 * its first 0 entry; any entry rejected by valid_enctype() makes the call
 * return KRB5_PROG_ETYPE_NOSUPP before the context is modified. The stored
 * copy holds exactly i entries (no terminator) and its length is kept in
 * in_tkt_ktype_count.
 *
 * NOTE(review): the listing skips lines, so the NULL-ktypes case and the
 * branch taken when malloc() fails are not visible - confirm.
 */
162 krb5_set_default_in_tkt_ktypes(context, ktypes)
163 krb5_context context;
164 const krb5_enctype *ktypes;
166 krb5_enctype * new_ktypes;
/* The caller must 0-terminate ktypes: this loop is the only bound on i. */
170 for (i = 0; ktypes[i]; i++) {
171 if (!valid_enctype(ktypes[i]))
172 return KRB5_PROG_ETYPE_NOSUPP;
175 /* Now copy the default ktypes into the context pointer */
/* NOTE(review): when i is 0 this is malloc(0), which may legitimately
 * return NULL; how that is told apart from allocation failure is on lines
 * not shown. */
176 if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i)))
177 memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
/* Swap in the new list: the old one is freed only after the copy exists. */
186 if (context->in_tkt_ktypes)
187 free(context->in_tkt_ktypes);
188 context->in_tkt_ktypes = new_ktypes;
189 context->in_tkt_ktype_count = i;
/*
 * krb5_get_default_in_tkt_ktypes: hand back a freshly malloc'd,
 * 0-terminated enctype array through *ktypes. If the application has set a
 * list (in_tkt_ktype_count is non-zero) that list is copied; otherwise the
 * "default_tkt_enctypes" string from the "libdefaults" profile section is
 * split into tokens and each token is converted with
 * krb5_string_to_enctype().
 *
 * NOTE(review): the listing skips lines, so the error returns, the token
 * counting and the release of the profile string are not visible. The
 * returned array is presumably owned (and freed) by the caller - confirm.
 */
194 krb5_get_default_in_tkt_ktypes(context, ktypes)
195 krb5_context context;
196 krb5_enctype **ktypes;
198 krb5_enctype * old_ktypes;
200 if (context->in_tkt_ktype_count) {
/* One extra slot is allocated for the 0 terminator written below. */
201 /* application-set defaults */
203 (krb5_enctype *)malloc(sizeof(krb5_enctype) *
204 (context->in_tkt_ktype_count + 1)))) {
205 memcpy(old_ktypes, context->in_tkt_ktypes, sizeof(krb5_enctype) *
206 context->in_tkt_ktype_count);
207 old_ktypes[context->in_tkt_ktype_count] = 0;
212 /* taken directly from krb5_get_tgs_ktypes... */
214 XXX - For now, we only support libdefaults
215 Perhaps this should be extended to allow for per-host / per-realm
222 krb5_error_code code;
/* The built-in fallback lists only single-DES enctypes, which are no
 * longer considered strong; sites should set default_tkt_enctypes to the
 * strongest types their KDC supports. */
224 code = profile_get_string(context->profile,
225 "libdefaults", "default_tkt_enctypes", NULL,
226 "des-cbc-md5 des-cbc-crc",
/* Tokens end at NUL, a comma or whitespace.
 * NOTE(review): if *ep is a plain char holding a negative value (a byte
 * of 0x80 or above in the profile string), isspace(*ep) is undefined
 * behaviour; the usual form is isspace((unsigned char)*ep). The
 * declaration of ep is not visible here. */
234 for (ep = sp; *ep && (*ep != ',') && !isspace(*ep); ep++)
248 (krb5_enctype *)malloc(sizeof(krb5_enctype) * (count + 1))) ==
249 (krb5_enctype *) NULL)
/* A zero return from krb5_string_to_enctype() is treated as success; what
 * happens to j, and to tokens that fail to convert, is on lines not
 * shown. */
256 if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
262 /* skip to next token */
267 old_ktypes[j] = (krb5_enctype) 0;
271 *ktypes = old_ktypes;
/*
 * krb5_set_default_tgs_ktypes: replace the context's TGS enctype list with
 * a private copy of ktypes. The input is scanned up to its first 0 entry;
 * any entry rejected by valid_enctype() makes the call return
 * KRB5_PROG_ETYPE_NOSUPP before the context is modified. The stored copy
 * holds exactly i entries (no terminator) and its length is kept in
 * tgs_ktype_count.
 *
 * NOTE(review): the listing skips lines, so the NULL-ktypes case and the
 * branch taken when malloc() fails are not visible - confirm.
 */
276 krb5_set_default_tgs_ktypes(context, ktypes)
277 krb5_context context;
278 const krb5_enctype *ktypes;
280 krb5_enctype * new_ktypes;
/* The caller must 0-terminate ktypes: this loop is the only bound on i. */
284 for (i = 0; ktypes[i]; i++) {
285 if (!valid_enctype(ktypes[i]))
286 return KRB5_PROG_ETYPE_NOSUPP;
289 /* Now copy the default ktypes into the context pointer */
/* NOTE(review): when i is 0 this is malloc(0), which may legitimately
 * return NULL; how that is told apart from allocation failure is on lines
 * not shown. */
290 if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i)))
291 memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
/* Presumably the branch for "no list supplied" (its condition is not
 * shown): the context then stores a NULL list. */
297 new_ktypes = (krb5_enctype *)NULL;
/* Swap in the new list: the old one is freed only after the copy exists. */
300 if (context->tgs_ktypes)
301 free(context->tgs_ktypes);
302 context->tgs_ktypes = new_ktypes;
303 context->tgs_ktype_count = i;
/*
 * krb5_get_tgs_ktypes: hand back a freshly malloc'd, 0-terminated enctype
 * array through *ktypes. If the application has set a list
 * (tgs_ktype_count is non-zero) that list is copied; otherwise the
 * "default_tgs_enctypes" string from the "libdefaults" profile section is
 * split into tokens and each token is converted with
 * krb5_string_to_enctype(). princ is not referenced on the visible lines.
 *
 * NOTE(review): the listing skips lines, so the error returns, the token
 * counting and the release of the profile string are not visible. The
 * returned array is presumably owned (and freed) by the caller - confirm.
 */
308 krb5_get_tgs_ktypes(context, princ, ktypes)
309 krb5_context context;
310 krb5_const_principal princ;
311 krb5_enctype **ktypes;
313 krb5_enctype * old_ktypes;
315 if (context->tgs_ktype_count) {
/* One extra slot is allocated for the 0 terminator written below. */
317 /* Application-set defaults */
320 (krb5_enctype *)malloc(sizeof(krb5_enctype) *
321 (context->tgs_ktype_count + 1)))) {
322 memcpy(old_ktypes, context->tgs_ktypes, sizeof(krb5_enctype) *
323 context->tgs_ktype_count);
324 old_ktypes[context->tgs_ktype_count] = 0;
330 XXX - For now, we only support libdefaults
331 Perhaps this should be extended to allow for per-host / per-realm
338 krb5_error_code code;
/* The built-in fallback lists only single-DES enctypes, which are no
 * longer considered strong; sites should set default_tgs_enctypes to the
 * strongest types their KDC supports. */
340 code = profile_get_string(context->profile,
341 "libdefaults", "default_tgs_enctypes", NULL,
342 "des-cbc-md5 des-cbc-crc",
/* Tokens end at NUL, a comma or whitespace.
 * NOTE(review): if *ep is a plain char holding a negative value (a byte
 * of 0x80 or above in the profile string), isspace(*ep) is undefined
 * behaviour; the usual form is isspace((unsigned char)*ep). The
 * declaration of ep is not visible here. */
350 for (ep = sp; *ep && (*ep != ',') && !isspace(*ep); ep++)
364 (krb5_enctype *)malloc(sizeof(krb5_enctype) * (count + 1))) ==
365 (krb5_enctype *) NULL)
/* A zero return from krb5_string_to_enctype() is treated as success; what
 * happens to j, and to tokens that fail to convert, is on lines not
 * shown. */
372 if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
378 /* skip to next token */
383 old_ktypes[j] = (krb5_enctype) 0;
387 *ktypes = old_ktypes;