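/*
 * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * lib/krb5/ccache/ccdefault.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Find default credential cache
 */

#include <k5-int.h>

/*
 * Solaris Kerberos: the following is specific to the Macintosh
 */
#if defined(USE_LOGIN_LIBRARY) && defined(macintosh)
#include <KerberosLoginInternal.h>
#endif

/*
 * Resolve the context's default credential cache name into a cache handle
 * stored in *ccache.
 *
 * Returns KV5M_CONTEXT when context is NULL or its magic field is wrong,
 * KRB5_FCC_INTERNAL when no default cache name is available, and otherwise
 * whatever krb5_cc_resolve() returns.
 *
 * Side effect: on success, when the OS context has no default_ccprincipal
 * yet, the principal recorded in the cache is fetched and stored there.  A
 * failure of that lookup is not reported to the caller; the field is simply
 * left empty.
 */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_cc_default(context, ccache)
    krb5_context context;
    krb5_ccache FAR *ccache;
{
    krb5_error_code retval;
    krb5_os_context os_ctx;
    const char FAR *default_name;

    if (!context || context->magic != KV5M_CONTEXT)
        return KV5M_CONTEXT;

    os_ctx = context->os_context;

    /*
     * The name lookup returns a bare pointer with no error code, so a NULL
     * result is turned into an error here instead of being handed to
     * krb5_cc_resolve() as the cache name.
     */
    default_name = krb5_cc_default_name(context);
    if (default_name == NULL)
        return KRB5_FCC_INTERNAL;

    retval = krb5_cc_resolve(context, default_name, ccache);
    if (!retval && ccache && !os_ctx->default_ccprincipal) {
        /* We got a ccache... remember what principal is associated with it */
        /*
         * NOTE(review): the principal is only stored while the field is
         * empty and is never refreshed in this function; confirm that the
         * code which changes the default cache name also clears it.
         */
        if (krb5_cc_get_principal(context, *ccache,
                                  &os_ctx->default_ccprincipal) != 0)
            os_ctx->default_ccprincipal = 0;
    }
    return retval;
}

/*
 * This is the internal function which opens the default ccache.  On platforms
 * supporting the login library's automatic popup dialog to get tickets, this
 * function also updates the library's internal view of the current principal
 * associated with this cache.
 *
 * All krb5 and GSS functions which need to open a cache to get a tgt to
 * obtain service tickets should call this function, not krb5_cc_default().
 *
 * Returns KV5M_CONTEXT for a NULL or corrupt context, otherwise the result
 * of krb5_cc_default().  Errors from the login-library step are not
 * propagated; the cache is opened regardless.
 */
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5int_cc_default(context, ccache)
    krb5_context context;
    krb5_ccache FAR *ccache;
{
/*
 * Solaris Kerberos: the following is specific to the Macintosh
 */
#if defined(USE_LOGIN_LIBRARY) && defined(macintosh)
    {
        /* make sure the default cache has tix before you open it */
        char *outCacheName;
        KLPrincipal desiredPrincipal = nil;
        krb5_principal desiredKrb5Principal;
        krb5_error_code err;
        krb5_os_context os_ctx;

        if (!context || context->magic != KV5M_CONTEXT)
            return KV5M_CONTEXT;

        os_ctx = context->os_context;

        desiredKrb5Principal = os_ctx->default_ccprincipal;

        /* do we want a specific client principal? */
        if (desiredKrb5Principal != NULL) {
            char *desiredName;

            err = krb5_unparse_name(context, desiredKrb5Principal,
                                    &desiredName);
            if (!err) {
                err = KLCreatePrincipalFromString(desiredName,
                                                  kerberosVersion_V5,
                                                  &desiredPrincipal);
                krb5_free_unparsed_name(context, desiredName);
                /* fall back to "no particular principal" on failure */
                if (err != klNoErr)
                    desiredPrincipal = nil;
            }
        }

        /* Try to make sure a krb5 tgt is in the cache */
        /*
         * NOTE(review): the cache name passed here may be NULL if the
         * default name cannot be determined; confirm how the login library
         * treats a NULL name.
         */
        err = __KLInternalAcquireTicketsForCache(desiredPrincipal,
                                                 krb5_cc_default_name(context),
                                                 kerberosVersion_V5, nil,
                                                 &outCacheName);
        if (err == klNoErr) {
            const char FAR *currentName = krb5_cc_default_name(context);

            /*
             * This function tries to get tickets and put them in the
             * specified cache, however, if the cache does not exist, it may
             * choose to put them elsewhere (ie: the system default) so we
             * set that here.  A missing current name is treated as
             * "different" so strcmp() is never called with NULL.
             */
            if (currentName == NULL ||
                strcmp(currentName, outCacheName) != 0) {
                /* best effort: a failure here is not reported */
                krb5_cc_set_default_name(context, outCacheName);
            }
            KLDisposeString(outCacheName);
        }

        if (desiredPrincipal != nil)
            KLDisposePrincipal(desiredPrincipal);
    }
#endif

    /* context validation for the non-Macintosh build happens in here */
    return krb5_cc_default(context, ccache);
}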