struct _krb5_tkt_creds_context;
typedef struct _krb5_tkt_creds_context *krb5_tkt_creds_context;
+/**
+ * Create a context to get credentials from a KDC's Ticket Granting Service.
+ *
+ * The resulting TGS acquisition context can be used asynchronously with
+ * krb5_tkt_creds_step() or synchronously with krb5_tkt_creds_get(). See also
+ * krb5_get_credentials() for synchrous use.
+ *
+ * @param[in] context A krb5 library context (see krb5_init_context())
+ * @param[in] ccache A credentials cache containing a Ticket Granting Ticket
+ * (TGT) for the client realm. Cross-realm TGTs may be
+ * stored into this cache.
+ * @param[in] options KRB5_GC_* options for this request.
+ * @param[out] ctx The TGS acquisition context.
+ */
krb5_error_code KRB5_CALLCONV
krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache,
- krb5_creds *creds, int kdcopt, krb5_tkt_creds_context *ctx);
+ krb5_creds *creds, krb5_flags options,
+ krb5_tkt_creds_context *ctx);
+/**
+ * Synchronously obtain credentials within an acquisition context.
+ *
+ * This function repeatedly generates requests, sends them to the appropriate
+ * realms' KDCs, and processes the replies until credentials are available for
+ * retrieval with krb5_tkt_creds_get_creds().
+ *
+ * @param[in] context A krb5 library context (see krb5_init_context())
+ * @param[in] ctx A TGS acquisition context (see krb5_tkt_creds_init())
+ */
krb5_error_code KRB5_CALLCONV
krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx);
+/**
+ * Retrieve credentials from an acquisition context, filling in @a creds. The
+ * acquisition context must have completed obtaining credentials via either
+ * krb5_tkt_creds_get() or krb5_tkt_creds_step().
+ *
+ * @param[in] context A krb5 library context (see krb5_init_context())
+ * @param[in] ctx A TGS acquisition context (see krb5_tkt_creds_init())
+ * @param[out] creds The acquired credentials
+ */
krb5_error_code KRB5_CALLCONV
krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx,
krb5_creds *creds);
krb5_principal server; /* Server principal (alias) */
krb5_principal req_server; /* Caller-requested server principal */
krb5_ccache ccache; /* Caller-provided ccache (alias) */
- int req_kdcopt; /* Caller-requested KDC options */
+ krb5_flags req_options; /* Caller-requested KRB5_GC_* options */
+ krb5_flags req_kdcopt; /* Caller-requested options as KDC options */
krb5_authdata **authdata; /* Caller-requested authdata */
/* The following fields are used in multiple steps. */
krb5_error_code KRB5_CALLCONV
krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_creds, int kdcopt,
+ krb5_creds *in_creds, krb5_flags options,
krb5_tkt_creds_context *pctx)
{
krb5_error_code code;
if (ctx == NULL)
goto cleanup;
+ ctx->req_options = options;
+ ctx->req_kdcopt = 0;
+ if (options & KRB5_GC_CANONICALIZE)
+ ctx->req_kdcopt |= KDC_OPT_CANONICALIZE;
+ if (options & KRB5_GC_FORWARDABLE)
+ ctx->req_kdcopt |= KDC_OPT_FORWARDABLE;
+ if (options & KRB5_GC_NO_TRANSIT_CHECK)
+ ctx->req_kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+ if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
+ if (options & KRB5_GC_USER_USER) {
+ code = EINVAL;
+ goto cleanup;
+ }
+ ctx->req_kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
+ }
+
ctx->state = STATE_BEGIN;
ctx->cache_code = KRB5_CC_NOTFOUND;
code = krb5_cc_dup(context, ccache, &ctx->ccache);
if (code != 0)
goto cleanup;
- ctx->req_kdcopt = kdcopt;
code = krb5_copy_authdata(context, in_creds->authdata, &ctx->authdata);
if (code != 0)
goto cleanup;
krb5_creds mcreds, *ncreds = NULL;
krb5_flags fields;
krb5_boolean not_ktype = FALSE;
- int kdcopt = 0;
*out_creds = NULL;
goto cleanup;
}
- if (options & KRB5_GC_CANONICALIZE)
- kdcopt |= KDC_OPT_CANONICALIZE;
- if (options & KRB5_GC_FORWARDABLE)
- kdcopt |= KDC_OPT_FORWARDABLE;
- if (options & KRB5_GC_NO_TRANSIT_CHECK)
- kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
- if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
- if (options & KRB5_GC_USER_USER) {
- retval = EINVAL;
- goto cleanup;
-
- }
- kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
- }
-
/* Get the credential from the KDC. */
- retval = get_tkt_creds(context, ccache, in_creds, kdcopt, ncreds);
+ retval = get_tkt_creds(context, ccache, in_creds, options, ncreds);
if (retval != 0)
goto cleanup;
projects / thirdparty / krb5.git / commitdiff
