47
47
static krb5_error_code
48
48
get_new_creds(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
49
krb5_flags kdcopt, krb5_creds **out_creds)
49
krb5_flags kdcopt, krb5_creds **out_creds)
51
51
krb5_error_code code;
52
52
krb5_creds old_creds, *new_creds = NULL;
56
56
/* Retrieve an existing cached credential matching in_creds. */
57
57
code = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_SUPPORTED_KTYPES,
58
in_creds, &old_creds);
58
in_creds, &old_creds);
62
62
/* Use KDC options from old credential as well as requested options. */
63
63
kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
65
65
/* Use the old credential to get a new credential from the KDC. */
66
66
code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
67
old_creds.addresses, in_creds, &new_creds);
67
old_creds.addresses, in_creds, &new_creds);
68
68
krb5_free_cred_contents(context, &old_creds);
72
72
*out_creds = new_creds;
81
81
static krb5_error_code
82
82
gc_valrenew(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
83
krb5_flags kdcopt, krb5_creds **out_creds)
83
krb5_flags kdcopt, krb5_creds **out_creds)
85
85
krb5_error_code code;
86
86
krb5_creds *new_creds = NULL;
89
89
/* Get the validated or renewed credential. */
90
90
code = get_new_creds(context, ccache, in_creds, kdcopt, &new_creds);
94
94
/* Reinitialize the cache without changing its default principal. */
95
95
code = krb5_cc_get_principal(context, ccache, &default_princ);
136
136
static krb5_error_code
137
137
get_valrenewed_creds(krb5_context context, krb5_creds *out_creds,
138
krb5_principal client, krb5_ccache ccache,
139
char *in_tkt_service, int kdcopt)
138
krb5_principal client, krb5_ccache ccache,
139
char *in_tkt_service, int kdcopt)
141
141
krb5_error_code code;
142
142
krb5_creds in_creds, *new_creds;
143
143
krb5_principal server = NULL;
145
145
if (in_tkt_service != NULL) {
146
/* Parse in_tkt_service, but use the client's realm. */
147
code = krb5_parse_name(context, in_tkt_service, &server);
150
krb5_free_data_contents(context, &server->realm);
151
code = krb5int_copy_data_contents(context, &client->realm,
146
/* Parse in_tkt_service, but use the client's realm. */
147
code = krb5_parse_name(context, in_tkt_service, &server);
150
krb5_free_data_contents(context, &server->realm);
151
code = krb5int_copy_data_contents(context, &client->realm,
156
/* Use the TGT name for the client's realm. */
157
code = krb5int_tgtname(context, &client->realm, &client->realm,
156
/* Use the TGT name for the client's realm. */
157
code = krb5int_tgtname(context, &client->realm, &client->realm,
163
163
memset(&in_creds, 0, sizeof(krb5_creds));
167
167
/* Get the validated or renewed credential from the KDC. */
168
168
code = get_new_creds(context, ccache, &in_creds, kdcopt, &new_creds);
172
172
/* Fill in *out_creds and free the unwanted new_creds container. */
173
173
*out_creds = *new_creds;
181
181
krb5_error_code KRB5_CALLCONV
182
182
krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
183
krb5_principal client, krb5_ccache ccache,
184
char *in_tkt_service)
183
krb5_principal client, krb5_ccache ccache,
184
char *in_tkt_service)
186
186
return get_valrenewed_creds(context, creds, client, ccache,
187
in_tkt_service, KDC_OPT_VALIDATE);
187
in_tkt_service, KDC_OPT_VALIDATE);
190
190
krb5_error_code KRB5_CALLCONV
191
191
krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
192
krb5_principal client, krb5_ccache ccache,
193
char *in_tkt_service)
192
krb5_principal client, krb5_ccache ccache,
193
char *in_tkt_service)
195
195
return get_valrenewed_creds(context, creds, client, ccache,
196
in_tkt_service, KDC_OPT_RENEW);
196
in_tkt_service, KDC_OPT_RENEW);