/* * lib/krb5/krb/in_tkt_ktb.c * * Copyright 1990,1991 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * krb5_get_in_tkt_with_keytab() * */ #include "k5-int.h" struct keytab_keyproc_arg { krb5_keytab keytab; krb5_principal client; }; /* * Key-generator for in_tkt_keytab, below. * "keyseed" is actually a krb5_keytab, or NULL if we should fetch * from system area. */ static krb5_error_code keytab_keyproc (krb5_context, const krb5_enctype, krb5_data *, krb5_const_pointer, krb5_keyblock **); static krb5_error_code keytab_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt, krb5_const_pointer keyseed, krb5_keyblock **key) { const struct keytab_keyproc_arg * arg = (const struct keytab_keyproc_arg *)keyseed; krb5_keyblock *realkey; krb5_error_code retval = 0; krb5_keytab kt_id; krb5_keytab_entry kt_ent; kt_id = arg->keytab; if (!krb5_c_valid_enctype(type)) return KRB5_PROG_ETYPE_NOSUPP; if (kt_id == NULL) /* Fetch from default keytab location */ if ((retval = krb5_kt_default(context, &kt_id))) return retval; if ((retval = krb5_kt_get_entry(context, kt_id, arg->client, 0, /* don't have vno available */ type, &kt_ent))) goto cleanup; if ((retval = krb5_copy_keyblock(context, &kt_ent.key, &realkey))) { (void) krb5_kt_free_entry(context, &kt_ent); goto cleanup; } (void) krb5_kt_free_entry(context, &kt_ent); *key = realkey; cleanup: if (! arg->keytab) krb5_kt_close(context, kt_id); return retval; } /* Similar to krb5_get_in_tkt_with_skey. Attempts to get an initial ticket for creds->client to use server creds->server, (realm is taken from creds->client), with options options, and using creds->times.starttime, creds->times.endtime, creds->times.renew_till as from, till, and rtime. creds->times.renew_till is ignored unless the RENEWABLE option is requested. If addrs is non-NULL, it is used for the addresses requested. If it is null, the system standard addresses are used. A succesful call will place the ticket in the credentials cache ccache. returns system errors, encryption errors */ krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep **ret_as_reply) { struct keytab_keyproc_arg arg; arg.keytab = keytab; arg.client = creds->client; return(krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, keytab_keyproc, (krb5_pointer)&arg, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply)); }