1b528cefcSMark Murray /*
2*ae771770SStanislav Sedov * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
3b528cefcSMark Murray * (Royal Institute of Technology, Stockholm, Sweden).
4b528cefcSMark Murray * All rights reserved.
5b528cefcSMark Murray *
6*ae771770SStanislav Sedov * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7*ae771770SStanislav Sedov *
8b528cefcSMark Murray * Redistribution and use in source and binary forms, with or without
9b528cefcSMark Murray * modification, are permitted provided that the following conditions
10b528cefcSMark Murray * are met:
11b528cefcSMark Murray *
12b528cefcSMark Murray * 1. Redistributions of source code must retain the above copyright
13b528cefcSMark Murray * notice, this list of conditions and the following disclaimer.
14b528cefcSMark Murray *
15b528cefcSMark Murray * 2. Redistributions in binary form must reproduce the above copyright
16b528cefcSMark Murray * notice, this list of conditions and the following disclaimer in the
17b528cefcSMark Murray * documentation and/or other materials provided with the distribution.
18b528cefcSMark Murray *
19b528cefcSMark Murray * 3. Neither the name of the Institute nor the names of its contributors
20b528cefcSMark Murray * may be used to endorse or promote products derived from this software
21b528cefcSMark Murray * without specific prior written permission.
22b528cefcSMark Murray *
23b528cefcSMark Murray * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24b528cefcSMark Murray * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25b528cefcSMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26b528cefcSMark Murray * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27b528cefcSMark Murray * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28b528cefcSMark Murray * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29b528cefcSMark Murray * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30b528cefcSMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31b528cefcSMark Murray * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32b528cefcSMark Murray * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33b528cefcSMark Murray * SUCH DAMAGE.
34b528cefcSMark Murray */
35b528cefcSMark Murray
36b528cefcSMark Murray #include "krb5_locl.h"
37b528cefcSMark Murray
38*ae771770SStanislav Sedov #undef __attribute__
39*ae771770SStanislav Sedov #define __attribute__(x)
40b528cefcSMark Murray
/**
 * @page krb5_init_creds_intro The initial credential handling functions
 * @section section_krb5_init_creds Initial credential
 *
 * Functions to get initial credentials: @ref krb5_credential .
 */
47c19800e8SDoug Rabson
/**
 * Allocate a new krb5_get_init_creds_opt structure, free with
 * krb5_get_init_creds_opt_free().
 *
 * Both the public structure and its private extension area are
 * zero-filled; the private area starts with a reference count of 1.
 * On any failure *opt is left as NULL and an error message is stored
 * in the context.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     out parameter for the new structure; it is written
 *                unconditionally, so it must not be NULL.
 *
 * @return 0 on success, ENOMEM if either allocation fails.
 *
 * @ingroup krb5_credential
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_alloc(krb5_context context,
                              krb5_get_init_creds_opt **opt)
{
    krb5_get_init_creds_opt *fresh;

    /* Clear the out parameter first so no error path leaves it stale. */
    *opt = NULL;

    fresh = calloc(1, sizeof(*fresh));
    if (fresh == NULL)
        goto nomem;

    fresh->opt_private = calloc(1, sizeof(*fresh->opt_private));
    if (fresh->opt_private == NULL)
        goto nomem;

    fresh->opt_private->refcount = 1;
    *opt = fresh;
    return 0;

nomem:
    krb5_set_error_message(context, ENOMEM,
                           N_("malloc: out of memory", ""));
    /* free(NULL) is a no-op, so this covers both failure points. */
    free(fresh);
    return ENOMEM;
}
80c19800e8SDoug Rabson
/**
 * Free krb5_get_init_creds_opt structure.
 *
 * Nothing is released when opt is NULL, when opt has no private
 * extension area, or when the reference count is already below 1.
 * Otherwise one reference is dropped; when the count reaches zero the
 * PKINIT state and the private area are released.  The public
 * structure is then cleared and freed, whether or not other
 * references to the private area remain.
 *
 * @param context Kerberos context (not used by this function).
 * @param opt     structure to release, may be NULL.
 *
 * @ingroup krb5_credential
 */

KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_free(krb5_context context,
                             krb5_get_init_creds_opt *opt)
{
    if (opt == NULL)
        return;

    /*
     * No private area: presumably the structure was set up with
     * krb5_get_init_creds_opt_init() on caller-owned storage, so it is
     * not freed here.
     */
    if (opt->opt_private == NULL)
        return;

    /* A count below 1 is inconsistent; bail out instead of freeing. */
    if (opt->opt_private->refcount < 1) /* abort ? */
        return;

    opt->opt_private->refcount -= 1;
    if (opt->opt_private->refcount == 0) {
        _krb5_get_init_creds_opt_free_pkinit(opt);
        /* The private area is released without being cleared first. */
        free(opt->opt_private);
    }

    /*
     * NOTE(review): a plain memset() directly before free() may be
     * removed by an optimising compiler; do not rely on it as a wipe.
     */
    memset(opt, 0, sizeof(*opt));
    free(opt);
}
102b528cefcSMark Murray
/*
 * Look up the time setting `name', first under [realms] `realm' and
 * then under [libdefaults].  A negative lookup result is treated as
 * "no usable value"; when both lookups are negative, `def' is returned.
 */
static int
get_config_time(krb5_context context,
                const char *realm,
                const char *name,
                int def)
{
    int found;

    found = krb5_config_get_time(context, NULL,
                                 "realms", realm, name, NULL);
    if (found < 0)
        found = krb5_config_get_time(context, NULL,
                                     "libdefaults", name, NULL);

    return found >= 0 ? found : def;
}
1264137ff4cSJacques Vidrine
/*
 * Look up the boolean setting `name', first under [realms] `realm' and
 * then under [libdefaults], returning the first value that differs
 * from `def_value'.
 *
 * "Not configured" is detected only by comparing with def_value, so a
 * [realms] entry that happens to equal def_value does not stop the
 * [libdefaults] lookup: a differing [libdefaults] value then wins over
 * the realm-specific one.
 */
static krb5_boolean
get_config_bool(krb5_context context,
                krb5_boolean def_value,
                const char *realm,
                const char *name)
{
    krb5_boolean from_realm;
    krb5_boolean from_libdefaults;

    from_realm = krb5_config_get_bool_default(context, NULL, def_value,
                                              "realms", realm, name, NULL);
    if (from_realm != def_value)
        return from_realm;

    from_libdefaults = krb5_config_get_bool_default(context, NULL, def_value,
                                                    "libdefaults", name, NULL);
    return from_libdefaults != def_value ? from_libdefaults : def_value;
}
1454137ff4cSJacques Vidrine
/*
 * Set all the values in `opt' to the appropriate values for
 * application `appname' (default to getprogname() if NULL), and realm
 * `realm'.  First looks in [appdefaults] but falls back to
 * [realms] or [libdefaults] for some of the values.
 *
 * Settings handled: forwardable, proxiable, ticket_lifetime,
 * renew_lifetime and no-addresses.  A lifetime of 0 means "not
 * configured" and leaves the corresponding option untouched.
 */

KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_default_flags(krb5_context context,
                                          const char *appname,
                                          krb5_const_realm realm,
                                          krb5_get_init_creds_opt *opt)
{
    krb5_boolean flag;
    time_t lifetime;

    /* [realms]/[libdefaults] supply the default that [appdefaults] may override. */
    flag = get_config_bool(context, KRB5_FORWARDABLE_DEFAULT,
                           realm, "forwardable");
    krb5_appdefault_boolean(context, appname, realm, "forwardable",
                            flag, &flag);
    krb5_get_init_creds_opt_set_forwardable(opt, flag);

    flag = get_config_bool(context, FALSE, realm, "proxiable");
    krb5_appdefault_boolean(context, appname, realm, "proxiable",
                            flag, &flag);
    krb5_get_init_creds_opt_set_proxiable(opt, flag);

    /* Lifetimes go the other way round: [appdefaults] first, then the fallback. */
    krb5_appdefault_time(context, appname, realm, "ticket_lifetime",
                         0, &lifetime);
    if (lifetime == 0)
        lifetime = get_config_time(context, realm, "ticket_lifetime", 0);
    if (lifetime != 0)
        krb5_get_init_creds_opt_set_tkt_life(opt, lifetime);

    krb5_appdefault_time(context, appname, realm, "renew_lifetime",
                         0, &lifetime);
    if (lifetime == 0)
        lifetime = get_config_time(context, realm, "renew_lifetime", 0);
    if (lifetime != 0)
        krb5_get_init_creds_opt_set_renew_life(opt, lifetime);

    /*
     * The result of the setter is discarded: for an `opt' without a
     * private extension area it fails with EINVAL and the no-addresses
     * setting is not applied.
     */
    krb5_appdefault_boolean(context, appname, realm, "no-addresses",
                            KRB5_ADDRESSLESS_DEFAULT, &flag);
    krb5_get_init_creds_opt_set_addressless(context, opt, flag);

#if 0
    krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
    krb5_get_init_creds_opt_set_anonymous (opt, b);

    krb5_get_init_creds_opt_set_etype_list(opt, enctype,
					   etype_str.num_strings);

    krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
				     krb5_data *salt);

    krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
					     krb5_preauthtype *preauth_list,
					     int preauth_list_length);
#endif
}
2025e9cd1aeSAssar Westerlund
2035e9cd1aeSAssar Westerlund
/**
 * Store tkt_life in opt and set KRB5_GET_INIT_CREDS_OPT_TKT_LIFE in
 * opt->flags.
 *
 * @param opt      option structure to update; dereferenced without a
 *                 NULL check.
 * @param tkt_life value stored in opt->tkt_life.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
                                     krb5_deltat tkt_life)
{
    opt->tkt_life = tkt_life;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
}
211b528cefcSMark Murray
/**
 * Store renew_life in opt and set KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE
 * in opt->flags.
 *
 * @param opt        option structure to update; dereferenced without
 *                   a NULL check.
 * @param renew_life value stored in opt->renew_life.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
                                       krb5_deltat renew_life)
{
    opt->renew_life = renew_life;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
}
219b528cefcSMark Murray
/**
 * Store forwardable in opt and set KRB5_GET_INIT_CREDS_OPT_FORWARDABLE
 * in opt->flags.  The flag bit is set for either value, so it records
 * that a choice was made, not what the choice was.
 *
 * @param opt         option structure to update; dereferenced without
 *                    a NULL check.
 * @param forwardable value stored in opt->forwardable.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
                                        int forwardable)
{
    opt->forwardable = forwardable;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
}
227b528cefcSMark Murray
/**
 * Store proxiable in opt and set KRB5_GET_INIT_CREDS_OPT_PROXIABLE in
 * opt->flags.  The flag bit is set for either value.
 *
 * @param opt       option structure to update; dereferenced without a
 *                  NULL check.
 * @param proxiable value stored in opt->proxiable.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
                                      int proxiable)
{
    opt->proxiable = proxiable;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
}
235b528cefcSMark Murray
/**
 * Attach an encryption type list to opt and set
 * KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST in opt->flags.
 *
 * Only the pointer is stored; the array is not copied here, so the
 * caller has to keep it valid for as long as opt refers to it.  The
 * length is stored as given, without validation.
 *
 * @param opt               option structure to update; dereferenced
 *                          without a NULL check.
 * @param etype_list        array stored by reference.
 * @param etype_list_length element count stored alongside the pointer.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
                                       krb5_enctype *etype_list,
                                       int etype_list_length)
{
    opt->etype_list_length = etype_list_length;
    opt->etype_list = etype_list;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
}
245b528cefcSMark Murray
/**
 * Attach an address list to opt and set
 * KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST in opt->flags.
 *
 * Only the pointer is stored; the list is not copied here, so the
 * caller has to keep it valid for as long as opt refers to it.
 *
 * @param opt       option structure to update; dereferenced without a
 *                  NULL check.
 * @param addresses list stored by reference.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
                                         krb5_addresses *addresses)
{
    opt->address_list = addresses;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
}
253b528cefcSMark Murray
/**
 * Attach a pre-authentication type list to opt and set
 * KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST in opt->flags.
 *
 * Only the pointer is stored; the array is not copied here, so the
 * caller has to keep it valid for as long as opt refers to it.  The
 * length is stored as given, without validation.
 *
 * @param opt                 option structure to update; dereferenced
 *                            without a NULL check.
 * @param preauth_list        array stored by reference.
 * @param preauth_list_length element count stored alongside the pointer.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
                                         krb5_preauthtype *preauth_list,
                                         int preauth_list_length)
{
    opt->preauth_list = preauth_list;
    opt->preauth_list_length = preauth_list_length;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
}
263b528cefcSMark Murray
/**
 * Attach a salt to opt and set KRB5_GET_INIT_CREDS_OPT_SALT in
 * opt->flags.
 *
 * Only the pointer is stored; the krb5_data is not copied here, so the
 * caller has to keep it valid for as long as opt refers to it.
 *
 * @param opt  option structure to update; dereferenced without a NULL
 *             check.
 * @param salt salt stored by reference.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
                                 krb5_data *salt)
{
    opt->salt = salt;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
}
2715e9cd1aeSAssar Westerlund
/**
 * Store anonymous in opt and set KRB5_GET_INIT_CREDS_OPT_ANONYMOUS in
 * opt->flags.  The flag bit is set for either value.
 *
 * @param opt       option structure to update; dereferenced without a
 *                  NULL check.
 * @param anonymous value stored in opt->anonymous.
 */
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
                                      int anonymous)
{
    opt->anonymous = anonymous;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
}
279c19800e8SDoug Rabson
/*
 * Check that `opt' carries a private extension area, which the
 * extended setters in this file write to.
 *
 * `type' names the calling operation and is placed in the error
 * message.  Returns 0 when opt->opt_private is set, otherwise records
 * an error message in `context' and returns EINVAL.  `opt' itself is
 * dereferenced without a NULL check.
 */
static krb5_error_code
require_ext_opt(krb5_context context,
                krb5_get_init_creds_opt *opt,
                const char *type)
{
    if (opt->opt_private != NULL)
        return 0;

    krb5_set_error_message(context, EINVAL,
                           N_("%s on non extendable opt", ""), type);
    return EINVAL;
}
292c19800e8SDoug Rabson
/**
 * Record a password and a string-to-key callback in the private
 * extension area of opt.
 *
 * The password is stored by pointer only; nothing in this function
 * copies it, so the caller has to keep the string valid (and is the
 * one holding the secret) for as long as opt refers to it.
 *
 * @param context  Kerberos context that receives the error message.
 * @param opt      option structure; needs a private extension area.
 * @param password password string stored by reference.
 * @param key_proc callback stored in opt_private->key_proc.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pa_password(krb5_context context,
                                        krb5_get_init_creds_opt *opt,
                                        const char *password,
                                        krb5_s2k_proc key_proc)
{
    krb5_error_code ret;

    ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password");
    if (ret == 0) {
        opt->opt_private->key_proc = key_proc;
        opt->opt_private->password = password;
    }
    return ret;
}
307c19800e8SDoug Rabson
/**
 * Record the caller's PAC request choice in the private extension
 * area of opt as a tristate: TRUE for a non-zero req_pac, FALSE
 * otherwise.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     option structure; needs a private extension area.
 * @param req_pac boolean mapped onto the tristate value.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_pac_request(krb5_context context,
                                        krb5_get_init_creds_opt *opt,
                                        krb5_boolean req_pac)
{
    krb5_error_code ret;

    ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req");
    if (ret)
        return ret;

    if (req_pac)
        opt->opt_private->req_pac = KRB5_INIT_CREDS_TRISTATE_TRUE;
    else
        opt->opt_private->req_pac = KRB5_INIT_CREDS_TRISTATE_FALSE;
    return 0;
}
322c19800e8SDoug Rabson
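/**
 * Record the caller's addressless choice in the private extension
 * area of opt as a tristate: TRUE for a non-zero addressless, FALSE
 * otherwise.
 *
 * @param context     Kerberos context that receives the error message.
 * @param opt         option structure; needs a private extension area.
 * @param addressless boolean mapped onto the tristate value.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_addressless(krb5_context context,
                                        krb5_get_init_creds_opt *opt,
                                        krb5_boolean addressless)
{
    krb5_error_code ret;

    /*
     * The tag names this function, so that the EINVAL message does not
     * point at the PAC-request setter.
     */
    ret = require_ext_opt(context, opt, "init_creds_opt_set_addressless");
    if (ret)
        return ret;

    opt->opt_private->addressless = addressless ?
        KRB5_INIT_CREDS_TRISTATE_TRUE :
        KRB5_INIT_CREDS_TRISTATE_FALSE;
    return 0;
}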
338c19800e8SDoug Rabson
/**
 * Set or clear KRB5_INIT_CREDS_CANONICALIZE in the private flags of
 * opt.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     option structure; needs a private extension area.
 * @param req     non-zero sets the flag, zero clears it.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_canonicalize(krb5_context context,
                                         krb5_get_init_creds_opt *opt,
                                         krb5_boolean req)
{
    krb5_error_code ret;

    ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize");
    if (ret != 0)
        return ret;

    if (!req)
        opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE;
    else
        opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE;
    return 0;
}
354c19800e8SDoug Rabson
/**
 * Set or clear, as a pair, KRB5_INIT_CREDS_NO_C_CANON_CHECK and
 * KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK in the private flags of opt.
 *
 * NOTE(review): going by the flag names, enabling this switches off a
 * client canonicalization check and an EKU check.  Confirm where the
 * flags are consumed before enabling it for anything other than the
 * interoperability case the function name suggests.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     option structure; needs a private extension area.
 * @param req     non-zero sets both flags, zero clears both.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_win2k(krb5_context context,
                                  krb5_get_init_creds_opt *opt,
                                  krb5_boolean req)
{
    krb5_error_code ret;

    ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k");
    if (ret != 0)
        return ret;

    /* Both bits always move together. */
    if (req)
        opt->opt_private->flags |= (KRB5_INIT_CREDS_NO_C_CANON_CHECK |
                                    KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK);
    else
        opt->opt_private->flags &= ~(KRB5_INIT_CREDS_NO_C_CANON_CHECK |
                                     KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK);
    return 0;
}
373c19800e8SDoug Rabson
374*ae771770SStanislav Sedov
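/**
 * Register a last-request callback and its context pointer in the
 * private extension area of opt.
 *
 * Both values are stored as given; ctx is not copied, so the caller
 * has to keep whatever it points at valid for as long as opt refers
 * to it.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     option structure; needs a private extension area.
 * @param func    callback stored in opt_private->lr.func.
 * @param ctx     opaque pointer stored in opt_private->lr.ctx.
 *
 * @return 0 on success, EINVAL when opt has no private extension area.
 */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_set_process_last_req(krb5_context context,
                                             krb5_get_init_creds_opt *opt,
                                             krb5_gic_process_last_req func,
                                             void *ctx)
{
    krb5_error_code ret;

    /*
     * The tag names this function, so that the EINVAL message does not
     * point at the win2k setter.
     */
    ret = require_ext_opt(context, opt,
                          "init_creds_opt_set_process_last_req");
    if (ret)
        return ret;

    opt->opt_private->lr.func = func;
    opt->opt_private->lr.ctx = ctx;

    return 0;
}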
391*ae771770SStanislav Sedov
392*ae771770SStanislav Sedov
393*ae771770SStanislav Sedov #ifndef HEIMDAL_SMALLER
394*ae771770SStanislav Sedov
/**
 * Deprecated: use krb5_get_init_creds_opt_alloc().
 *
 * krb5_get_init_creds_opt_init() is deprecated because
 * krb5_get_init_creds_opt is a static structure that cannot grow for
 * ABI reasons, i.e. no new functionality can be added to it.
 *
 * The structure is only zero-filled, so it has no private extension
 * area: the setters in this file that go through require_ext_opt()
 * fail with EINVAL on it, and krb5_get_init_creds_opt_free() does not
 * free it.
 *
 * @param opt caller-provided structure to clear; dereferenced without
 *            a NULL check.
 *
 * @ingroup krb5_deprecated
 */

KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
    KRB5_DEPRECATED_FUNCTION("Use X instead")
{
    memset(opt, 0, sizeof *opt);
}
411*ae771770SStanislav Sedov
/**
 * Deprecated: use the new krb5_init_creds_init() and
 * krb5_init_creds_get_error().
 *
 * This implementation does not read opt at all: it hands back a
 * freshly allocated, zero-filled KRB_ERROR, which the caller owns.
 *
 * @param context Kerberos context that receives the error message.
 * @param opt     not used.
 * @param error   out parameter for the new KRB_ERROR; set to NULL when
 *                the allocation fails.
 *
 * @return 0 on success, ENOMEM when the allocation fails.
 *
 * @ingroup krb5_deprecated
 */

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_init_creds_opt_get_error(krb5_context context,
                                  krb5_get_init_creds_opt *opt,
                                  KRB_ERROR **error)
    KRB5_DEPRECATED_FUNCTION("Use X instead")
{
    KRB_ERROR *blank = calloc(1, sizeof(*blank));

    *error = blank;
    if (blank != NULL)
        return 0;

    krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
    return ENOMEM;
}
433*ae771770SStanislav Sedov
434*ae771770SStanislav Sedov #endif /* HEIMDAL_SMALLER */
435