1 /* 2 * Copyright (c) 2004 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "kuser_locl.h" 35 #include <config.h> 36 #include <parse_units.h> 37 #include <parse_time.h> 38 #include "kcc-commands.h" 39 40 static int32_t 41 bitswap32(int32_t b) 42 { 43 int32_t r = 0; 44 int i; 45 for (i = 0; i < 32; i++) { 46 r = r << 1 | (b & 1); 47 b = b >> 1; 48 } 49 return r; 50 } 51 52 static void 53 parse_ticket_flags(krb5_context context, 54 const char *string, krb5_ticket_flags *ret_flags) 55 { 56 TicketFlags ff; 57 int flags = parse_flags(string, asn1_TicketFlags_units(), 0); 58 if (flags == -1) /* XXX */ 59 krb5_errx(context, 1, "bad flags specified: \"%s\"", string); 60 61 memset(&ff, 0, sizeof(ff)); 62 ff.proxy = 1; 63 if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) 64 ret_flags->i = flags; 65 else 66 ret_flags->i = bitswap32(flags); 67 } 68 69 struct ctx { 70 krb5_flags whichfields; 71 krb5_creds mcreds; 72 }; 73 74 static krb5_boolean 75 matchfunc(krb5_context context, void *ptr, const krb5_creds *creds) 76 { 77 struct ctx *ctx = ptr; 78 if (krb5_compare_creds(context, ctx->whichfields, &ctx->mcreds, creds)) 79 return TRUE; 80 return FALSE; 81 } 82 83 int 84 copy_cred_cache(struct copy_cred_cache_options *opt, int argc, char **argv) 85 { 86 krb5_error_code ret; 87 const char *from_name, *to_name; 88 krb5_ccache from_ccache, to_ccache; 89 unsigned int matched; 90 struct ctx ctx; 91 92 memset(&ctx, 0, sizeof(ctx)); 93 94 if (opt->service_string) { 95 ret = krb5_parse_name(kcc_context, opt->service_string, &ctx.mcreds.server); 96 if (ret) 97 krb5_err(kcc_context, 1, ret, "%s", opt->service_string); 98 } 99 if (opt->enctype_string) { 100 krb5_enctype enctype; 101 ret = krb5_string_to_enctype(kcc_context, opt->enctype_string, &enctype); 102 if (ret) 103 krb5_err(kcc_context, 1, ret, "%s", opt->enctype_string); 104 ctx.whichfields |= KRB5_TC_MATCH_KEYTYPE; 105 ctx.mcreds.session.keytype = enctype; 106 } 107 if (opt->flags_string) { 108 parse_ticket_flags(kcc_context, opt->flags_string, &ctx.mcreds.flags); 109 ctx.whichfields |= KRB5_TC_MATCH_FLAGS; 110 } 111 if (opt->valid_for_string) { 112 time_t t = parse_time(opt->valid_for_string, "s"); 113 if(t < 0) 114 errx(1, "unknown time \"%s\"", opt->valid_for_string); 115 ctx.mcreds.times.endtime = time(NULL) + t; 116 ctx.whichfields |= KRB5_TC_MATCH_TIMES; 117 } 118 if (opt->fcache_version_integer) 119 krb5_set_fcache_version(kcc_context, opt->fcache_version_integer); 120 121 if (argc == 1) { 122 from_name = krb5_cc_default_name(kcc_context); 123 to_name = argv[0]; 124 } else { 125 from_name = argv[0]; 126 to_name = argv[1]; 127 } 128 129 ret = krb5_cc_resolve(kcc_context, from_name, &from_ccache); 130 if (ret) 131 krb5_err(kcc_context, 1, ret, "%s", from_name); 132 133 if (opt->krbtgt_only_flag) { 134 krb5_principal client; 135 ret = krb5_cc_get_principal(kcc_context, from_ccache, &client); 136 if (ret) 137 krb5_err(kcc_context, 1, ret, "getting default principal"); 138 ret = krb5_make_principal(kcc_context, &ctx.mcreds.server, 139 krb5_principal_get_realm(kcc_context, client), 140 KRB5_TGS_NAME, 141 krb5_principal_get_realm(kcc_context, client), 142 NULL); 143 if (ret) 144 krb5_err(kcc_context, 1, ret, "constructing krbtgt principal"); 145 krb5_free_principal(kcc_context, client); 146 } 147 ret = krb5_cc_resolve(kcc_context, to_name, &to_ccache); 148 if (ret) 149 krb5_err(kcc_context, 1, ret, "%s", to_name); 150 151 ret = krb5_cc_copy_match_f(kcc_context, from_ccache, to_ccache, 152 matchfunc, &ctx, &matched); 153 if (ret) 154 krb5_err(kcc_context, 1, ret, "copying cred cache"); 155 156 krb5_cc_close(kcc_context, from_ccache); 157 if(matched == 0) 158 krb5_cc_destroy(kcc_context, to_ccache); 159 else 160 krb5_cc_close(kcc_context, to_ccache); 161 162 return matched == 0; 163 } 164