2 * lib/krb5/krb/gic_keytab.c
4 * Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
29 static krb5_error_code
30 krb5_get_as_key_keytab(
32 krb5_principal client,
34 krb5_prompter_fct prompter,
38 krb5_keyblock *as_key,
41 krb5_keytab keytab = (krb5_keytab) gak_data;
43 krb5_keytab_entry kt_ent;
44 krb5_keyblock *kt_key;
46 /* if there's already a key of the correct etype, we're done.
47 if the etype is wrong, free the existing key, and make
51 if (as_key->enctype == etype)
54 krb5_free_keyblock_contents(context, as_key);
58 if (!krb5_c_valid_enctype(etype))
59 return(KRB5_PROG_ETYPE_NOSUPP);
61 if ((ret = krb5_kt_get_entry(context, keytab, client,
62 0, /* don't have vno available */
66 ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key);
68 /* again, krb5's memory management is lame... */
73 (void) krb5_kt_free_entry(context, &kt_ent);
78 krb5_error_code KRB5_CALLCONV
79 krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options)
81 krb5_error_code ret, ret2;
85 if (arg_keytab == NULL) {
86 if ((ret = krb5_kt_default(context, &keytab)))
94 /* first try: get the requested tkt from any kdc */
96 ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
97 start_time, in_tkt_service, options,
98 krb5_get_as_key_keytab, (void *) keytab,
101 /* check for success */
106 /* If all the kdc's are unavailable fail */
108 if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
111 /* if the reply did not come from the master kdc, try again with
117 ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
118 start_time, in_tkt_service, options,
119 krb5_get_as_key_keytab, (void *) keytab,
127 /* if the master is unreachable, return the error from the
128 slave we were able to contact */
130 if ((ret2 == KRB5_KDC_UNREACH) || (ret2 == KRB5_REALM_CANT_RESOLVE))
136 /* at this point, we have a response from the master. Since we don't
137 do any prompting or changing for keytabs, that's it. */
140 if (arg_keytab == NULL)
141 krb5_kt_close(context, keytab);
145 krb5_error_code KRB5_CALLCONV
146 krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
147 krb5_address *const *addrs, krb5_enctype *ktypes,
148 krb5_preauthtype *pre_auth_types,
149 krb5_keytab arg_keytab, krb5_ccache ccache,
150 krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
152 krb5_error_code retval;
153 krb5_get_init_creds_opt opt;
154 char * server = NULL;
156 krb5_principal client_princ, server_princ;
158 krb5int_populate_gic_opt(context, &opt,
159 options, addrs, ktypes,
161 if (arg_keytab == NULL) {
162 retval = krb5_kt_default(context, &keytab);
166 else keytab = arg_keytab;
168 retval = krb5_unparse_name( context, creds->server, &server);
171 server_princ = creds->server;
172 client_princ = creds->client;
173 retval = krb5_get_init_creds (context,
174 creds, creds->client,
175 krb5_prompter_posix, NULL,
177 krb5_get_as_key_keytab, (void *)keytab,
179 krb5_free_unparsed_name( context, server);
184 krb5_free_principal( context, creds->server);
186 krb5_free_principal( context, creds->client);
187 creds->client = client_princ;
188 creds->server = server_princ;
190 /* store it in the ccache! */
192 if ((retval = krb5_cc_store_cred(context, ccache, creds)))
194 cleanup: if (arg_keytab == NULL)
195 krb5_kt_close(context, keytab);