renew.c revision 1.1.1.1.4.1
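/*	$NetBSD: renew.c,v 1.1.1.1.4.1 2014/05/22 13:21:24 yamt Exp $	*/

/*
 * Copyright (c) 2005, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kcm_locl.h"

__RCSID("NetBSD");

/*
 * Renew the credentials held in a KCM cache.
 *
 * Builds a renewal request for the cache's client principal and sends it
 * through krb5_get_kdc_cred() with the "renewable" and "renew" KDC flags
 * set.  The requested service is a copy of ccache->server when one is set,
 * otherwise a principal made from KRB5_TGS_NAME and the client's realm.
 * When ccache->tkt_life / ccache->renew_life are non-zero they are added to
 * the current time to form the requested end time / renew-till time.
 *
 * On success the cache's existing credentials are removed and the new ones
 * are stored via kcm_ccache_store_cred_internal(), which is also handed
 * credp.
 *
 * Returns KRB5_CC_NOTFOUND (after logging) when the cache has no client
 * principal; otherwise the krb5_error_code of the first step that failed,
 * or of the final store.
 *
 * ccache->mutex is taken after the client-principal check and released
 * before returning.
 * NOTE(review): the mutex stays held across krb5_get_kdc_cred(); if that
 * call blocks on the KDC, other users of this cache wait for it -- confirm
 * this is acceptable for the daemon.
 * NOTE(review): ccache->client is tested before the mutex is taken --
 * confirm no other thread can change it in between.
 */
krb5_error_code
kcm_ccache_refresh(krb5_context context,
                   kcm_ccache ccache,
                   krb5_creds **credp)
{
    krb5_error_code ret;
    krb5_creds in, *out;
    krb5_kdc_flags flags;
    krb5_const_realm realm;
    krb5_ccache_data ccdata;

    /* Zeroing also leaves in.server NULL, which the cleanup path relies on. */
    memset(&in, 0, sizeof(in));

    KCM_ASSERT_VALID(ccache);

    if (ccache->client == NULL) {
        /* no primary principal */
        kcm_log(0, "Refresh credentials requested but no client principal");
        return KRB5_CC_NOTFOUND;
    }

    HEIMDAL_MUTEX_lock(&ccache->mutex);

    /* Fake up an internal ccache */
    kcm_internal_ccache(context, ccache, &ccdata);

    /*
     * Find principal.  in.client only borrows the cache's pointer, so it
     * must never be freed through `in`.
     */
    in.client = ccache->client;

    if (ccache->server != NULL) {
        ret = krb5_copy_principal(context, ccache->server, &in.server);
        if (ret) {
            kcm_log(0, "Failed to copy service principal: %s",
                    krb5_get_err_text(context, ret));
            goto out;
        }
    } else {
        realm = krb5_principal_get_realm(context, in.client);
        ret = krb5_make_principal(context, &in.server, realm,
                                  KRB5_TGS_NAME, realm, NULL);
        if (ret) {
            kcm_log(0, "Failed to make TGS principal for realm %s: %s",
                    realm, krb5_get_err_text(context, ret));
            goto out;
        }
    }

    if (ccache->tkt_life)
        in.times.endtime = time(NULL) + ccache->tkt_life;
    if (ccache->renew_life)
        in.times.renew_till = time(NULL) + ccache->renew_life;

    flags.i = 0;
    flags.b.renewable = TRUE;
    flags.b.renew = TRUE;

    ret = krb5_get_kdc_cred(context,
                            &ccdata,
                            flags,
                            NULL,
                            NULL,
                            &in,
                            &out);
    if (ret) {
        kcm_log(0, "Failed to renew credentials for cache %s: %s",
                ccache->name, krb5_get_err_text(context, ret));
        goto out;
    }

    /*
     * Swap them in.
     * NOTE(review): the old credentials are removed before the new ones are
     * stored, so a failing store below leaves the cache without either set;
     * confirm callers cope with that.
     */
    kcm_ccache_remove_creds_internal(context, ccache);

    ret = kcm_ccache_store_cred_internal(context, ccache, out, 0, credp);
    if (ret) {
        kcm_log(0, "Failed to store credentials for cache %s: %s",
                ccache->name,
                krb5_get_err_text(context, ret));
        krb5_free_creds(context, out);
        goto out;
    }

    /*
     * Only the container is released; presumably the store call (copy
     * argument 0) now owns the contents -- verify against its definition.
     */
    free(out); /* but not contents */

out:
    HEIMDAL_MUTEX_unlock(&ccache->mutex);

    /*
     * in.server was allocated above by krb5_copy_principal() or
     * krb5_make_principal() and nothing else in this function releases it,
     * so without this every refresh leaks one principal in a long-running
     * daemon.  It is still NULL if neither call produced a value.
     */
    if (in.server != NULL)
        krb5_free_principal(context, in.server);

    return ret;
}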