xref: /freebsd/crypto/heimdal/lib/krb5/init_creds.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "krb5_locl.h"
35 
36 RCSID("$Id: init_creds.c,v 1.9 2001/07/03 18:42:07 assar Exp $");
37 
/*
 * Reset `opt' to the empty state: every byte of the structure is
 * zeroed, which leaves opt->flags with no option bit set.
 *
 * Call this before any krb5_get_init_creds_opt_set_*() function.  Those
 * setters OR their bit into opt->flags rather than assigning it, so on
 * an uninitialized structure whatever bits happened to be in memory
 * would remain set next to fields (including pointers) that were never
 * written.
 */
void
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
{
    /* Zeroing the whole object also clears opt->flags. */
    memset(opt, 0, sizeof *opt);
}
44 
/*
 * Look up the time setting `name', preferring the [realms] entry for
 * `realm' over the [libdefaults] entry.  Returns `def' when neither
 * lookup yields a non-negative value.
 *
 * A negative result from krb5_config_get_time() is treated as "no
 * value" (NOTE(review): presumably its not-found sentinel -- confirm
 * against krb5_config_get_time), so a negative time can never be
 * returned from configuration through this helper.  The value is
 * carried as an int.
 */
static int
get_config_time (krb5_context context,
		 const char *realm,
		 const char *name,
		 int def)
{
    int value;

    /* The realm-specific setting takes precedence. */
    value = krb5_config_get_time (context, NULL, "realms", realm, name, NULL);
    if (value < 0)
	value = krb5_config_get_time (context, NULL, "libdefaults", name, NULL);

    return value >= 0 ? value : def;
}
68 
/*
 * Return true when the boolean setting `name' is true in the [realms]
 * entry for `realm' or in [libdefaults].
 *
 * The two lookups are OR-ed, not layered: a true value in either
 * section wins, so a false value under [realms] does not switch off a
 * true value under [libdefaults].  [libdefaults] is only consulted when
 * the [realms] lookup is false.
 */
static krb5_boolean
get_config_bool (krb5_context context,
		 const char *realm,
		 const char *name)
{
    krb5_boolean enabled;

    enabled = krb5_config_get_bool (context, NULL, "realms", realm, name, NULL);
    if (!enabled)
	enabled = krb5_config_get_bool (context, NULL, "libdefaults", name, NULL);

    /* Normalize to 0/1, as the logical OR in a single expression would. */
    return enabled != 0;
}
86 
/*
 * Empty address list handed to krb5_get_init_creds_opt_set_address_list()
 * when "no-addresses" is enabled.  The options structure stores a
 * pointer to this file-scope object, not a copy of it.
 */
static krb5_addresses no_addrs = {0, NULL};

/*
 * Resolve the boolean setting `name': the [realms]/[libdefaults] value
 * from get_config_bool() is used as the default passed to
 * krb5_appdefault_boolean(), whose result is returned.
 */
static krb5_boolean
default_flag (krb5_context context,
	      const char *appname,
	      krb5_const_realm realm,
	      const char *name)
{
    krb5_boolean value = get_config_bool (context, realm, name);

    krb5_appdefault_boolean(context, appname, realm, name, value, &value);
    return value;
}

/*
 * Resolve the lifetime setting `name': ask krb5_appdefault_time()
 * first and, when that yields 0, fall back to get_config_time().
 * Returns 0 when nothing is configured; a configured value of 0 is
 * therefore indistinguishable from an absent one.
 */
static time_t
default_lifetime (krb5_context context,
		  const char *appname,
		  krb5_const_realm realm,
		  const char *name)
{
    time_t value = 0;

    krb5_appdefault_time(context, appname, realm, name, 0, &value);
    if (value == 0)
	value = get_config_time (context, realm, name, 0);
    return value;
}

/*
 * Fill `opt' with the configured defaults for application `appname'
 * and realm `realm'.  `appname' is passed straight through to the
 * krb5_appdefault_*() calls; the original header comment states that
 * it defaults to getprogname() when NULL.
 *
 *  - forwardable, proxiable: always set on `opt', using the
 *    [realms]/[libdefaults] value as the default for the appdefault
 *    lookup.
 *  - ticket_lifetime, renew_lifetime: set only when a non-zero value
 *    is found; the appdefault lookup is tried before
 *    [realms]/[libdefaults].
 *  - no-addresses: appdefault lookup only (default FALSE); when true
 *    the address list is set to the empty list no_addrs.
 *
 * `opt' is not reset here, so it should already have been initialized
 * with krb5_get_init_creds_opt_init().
 *
 * NOTE(review): every value applied here comes from configuration, so
 * whoever can edit that configuration decides whether requested
 * tickets are forwardable, proxiable, or (presumably, via the empty
 * address list) not tied to host addresses -- confirm how the address
 * list is consumed by the get_init_creds code.
 */
void
krb5_get_init_creds_opt_set_default_flags(krb5_context context,
					  const char *appname,
					  krb5_const_realm realm,
					  krb5_get_init_creds_opt *opt)
{
    krb5_boolean no_addresses = FALSE;
    time_t lifetime;

    krb5_get_init_creds_opt_set_forwardable(opt,
	default_flag (context, appname, realm, "forwardable"));

    krb5_get_init_creds_opt_set_proxiable (opt,
	default_flag (context, appname, realm, "proxiable"));

    /* A lifetime of 0 means "not configured": leave the option unset. */
    lifetime = default_lifetime (context, appname, realm, "ticket_lifetime");
    if (lifetime != 0)
	krb5_get_init_creds_opt_set_tkt_life(opt, lifetime);

    lifetime = default_lifetime (context, appname, realm, "renew_lifetime");
    if (lifetime != 0)
	krb5_get_init_creds_opt_set_renew_life(opt, lifetime);

    krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE,
			    &no_addresses);
    if (no_addresses)
	krb5_get_init_creds_opt_set_address_list (opt, &no_addrs);

    /*
     * Not populated from configuration by this function: the anonymous
     * flag, the enctype list, the salt and the preauth list.  Callers
     * that need them must use the corresponding setters themselves.
     */
}
144 
145 
/*
 * Record `tkt_life' as the ticket lifetime in `opt' and mark the field
 * as set.  The value is stored as given; no range check is applied.
 */
void
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
				     krb5_deltat tkt_life)
{
    opt->tkt_life = tkt_life;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
}
153 
/*
 * Record `renew_life' as the renewable lifetime in `opt' and mark the
 * field as set.  The value is stored as given; no range check is
 * applied.
 */
void
krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
				       krb5_deltat renew_life)
{
    opt->renew_life = renew_life;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
}
161 
/*
 * Record the forwardable setting in `opt'.  The FORWARDABLE bit is set
 * in opt->flags for any value of `forwardable', so passing 0 records an
 * explicit "not forwardable" choice rather than leaving the option
 * unset.
 */
void
krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
					int forwardable)
{
    opt->forwardable = forwardable;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
}
169 
/*
 * Record the proxiable setting in `opt'.  The PROXIABLE bit is set in
 * opt->flags for any value of `proxiable', so passing 0 records an
 * explicit "not proxiable" choice rather than leaving the option unset.
 */
void
krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
				      int proxiable)
{
    opt->proxiable = proxiable;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
}
177 
/*
 * Record the encryption-type list in `opt' and mark it as set.
 *
 * Only the pointer and the length are stored; the array is not copied.
 * The caller must keep `etype_list' valid and unchanged for as long as
 * `opt' is in use, otherwise `opt' is left holding a dangling pointer.
 * Neither a NULL pointer nor a negative or oversized
 * `etype_list_length' is rejected here.
 */
void
krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
				       krb5_enctype *etype_list,
				       int etype_list_length)
{
    opt->etype_list_length = etype_list_length;
    opt->etype_list = etype_list;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
}
187 
/*
 * Record the address list in `opt' and mark it as set.
 *
 * The pointer is stored as given; the list is not copied.  The caller
 * must keep `addresses' valid for as long as `opt' is in use.  No NULL
 * check is made here.
 */
void
krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
					 krb5_addresses *addresses)
{
    opt->address_list = addresses;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
}
195 
/*
 * Record the pre-authentication type list in `opt' and mark it as set.
 *
 * Only the pointer and the length are stored; the array is not copied.
 * The caller must keep `preauth_list' valid and unchanged for as long
 * as `opt' is in use.  Neither a NULL pointer nor a negative or
 * oversized `preauth_list_length' is rejected here.
 */
void
krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
					 krb5_preauthtype *preauth_list,
					 int preauth_list_length)
{
    opt->preauth_list = preauth_list;
    opt->preauth_list_length = preauth_list_length;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
}
205 
/*
 * Record the salt in `opt' and mark it as set.
 *
 * The pointer is stored as given; the salt data is not copied.  The
 * caller must keep `salt' and the buffer it refers to valid for as
 * long as `opt' is in use.  No NULL check is made here.
 */
void
krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
				 krb5_data *salt)
{
    opt->salt = salt;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
}
213 
/*
 * Record the anonymous setting in `opt'.  The ANONYMOUS bit is set in
 * opt->flags for any value of `anonymous', so passing 0 records an
 * explicit choice rather than leaving the option unset.
 */
void
krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
				      int anonymous)
{
    opt->anonymous = anonymous;
    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
}
221