57 #define NXT_TGT_IS_CACHED(ts)			\
58 	((ts)->nxt_tgt == (ts)->cur_cc_tgt)
60 #define MARK_CUR_CC_TGT_CLEAN(ts)			\
62 	(ts)->cc_tgts.dirty[(ts)->cc_tgts.cur] = 0;	\
106 #define TR_DBG(ts, prog) tr_dbg(ts, prog)
107 #define TR_DBG_RET(ts, prog, ret) tr_dbg_ret(ts, prog, ret)
108 #define TR_DBG_RTREE(ts, prog, princ) tr_dbg_rtree(ts, prog, princ)
116 #define TR_DBG(ts, prog)
117 #define TR_DBG_RET(ts, prog, ret)
118 #define TR_DBG_RTREE(ts, prog, princ)
190 init_cc_tgts(struct tr_state *ts)
193     ts->cc_tgts.cur = 0;
194     ts->cc_tgts.nxt = 1;
195     ts->cur_cc_tgt = &ts->cc_tgts.cred[0];
196     ts->nxt_cc_tgt = &ts->cc_tgts.cred[1];
207 shift_cc_tgts(struct tr_state *ts)
212     rb = &ts->cc_tgts;
215     ts->cur_cc_tgt = ts->nxt_cc_tgt;
220     ts->nxt_cc_tgt = &rb->cred[i];
222 	krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
233 clean_cc_tgts(struct tr_state *ts)
238     rb = &ts->cc_tgts;
241 	    krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
252 tr_dbg(struct tr_state *ts, const char *prog)
258     retval = krb5_unparse_name(ts->ctx, ts->cur_tgt->server, &cur_tgt_str);
260     retval = krb5_unparse_name(ts->ctx, *ts->cur_kdc, &cur_kdc_str);
262     retval = krb5_unparse_name(ts->ctx, *ts->nxt_kdc, &nxt_kdc_str);
269 	krb5_free_unparsed_name(ts->ctx, cur_tgt_str);
271 	krb5_free_unparsed_name(ts->ctx, cur_kdc_str);
273 	krb5_free_unparsed_name(ts->ctx, nxt_kdc_str);
277 tr_dbg_ret(struct tr_state *ts, const char *prog, krb5_error_code ret)
284 tr_dbg_rtree(struct tr_state *ts, const char *prog, krb5_principal princ)
288     if (krb5_unparse_name(ts->ctx, princ, &str))
291     krb5_free_unparsed_name(ts->ctx, str);
338 init_rtree(struct tr_state *ts,
343     ts->kdc_list = NULL;
344     retval = krb5_walk_realm_tree(ts->ctx, krb5_princ_realm(ts->ctx, client),
345 				  krb5_princ_realm(ts->ctx, server),
346 				  &ts->kdc_list, KRB5_REALM_BRANCH_CHAR);
350     for (ts->nkdcs = 0; ts->kdc_list[ts->nkdcs]; ts->nkdcs++) {
351 	assert(krb5_princ_size(ts->ctx, ts->kdc_list[ts->nkdcs]) == 2);
352 	TR_DBG_RTREE(ts, "init_rtree", ts->kdc_list[ts->nkdcs]);
354     assert(ts->nkdcs > 1);
355     ts->lst_kdc = ts->kdc_list + ts->nkdcs - 1;
357     ts->kdc_tgts = calloc(ts->nkdcs + 1, sizeof(krb5_creds));
358     if (ts->kdc_tgts == NULL)
370 retr_local_tgt(struct tr_state *ts, krb5_principal client)
376     retval = tgt_mcred(ts->ctx, client, client, client, &tgtq);
381     retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache,
383 				   &tgtq, ts->nxt_cc_tgt);
384     krb5_free_cred_contents(ts->ctx, &tgtq);
386 	shift_cc_tgts(ts);
387 	ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt;
399 try_ccache(struct tr_state *ts, krb5_creds *tgtq)
404     TR_DBG(ts, "try_ccache");
411     if ((retval = krb5_timeofday(ts->ctx, &(tgtq->times.endtime))) != 0) {
415     retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, RETR_FLAGS,
416 				   tgtq, ts->nxt_cc_tgt);
418 	shift_cc_tgts(ts);
419 	ts->nxt_tgt = ts->cur_cc_tgt;
428     TR_DBG_RET(ts, "try_ccache", retval);
457 find_nxt_kdc(struct tr_state *ts)
462     TR_DBG(ts, "find_nxt_kdc");
466    * ts->nxt points to a cached ticket and not to a freshly
467    * fetched TGT in ts->kdc_tgts. See changes in try_kdc()
469   /*  assert(ts->nxt_tgt == ts->kdc_tgts[ts->ntgts-1]); */
470     if (krb5_princ_size(ts->ctx, ts->nxt_tgt->server) != 2) {
473 	int err = krb5_unparse_name(ts->ctx, ts->nxt_tgt->server, &s_name);
475 	    krb5_set_error_message(ts->ctx, KRB5_KDCREP_MODIFIED,
479 	    krb5_free_unparsed_name(ts->ctx, s_name);
481 	    krb5_set_error_message(ts->ctx, KRB5_KDCREP_MODIFIED,
486     r1 = krb5_princ_component(ts->ctx, ts->nxt_tgt->server, 1);
488     for (kdcptr = ts->cur_kdc + 1; *kdcptr != NULL; kdcptr++) {
490 	r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
509 	if (ts->ntgts > 0 && ts->nxt_tgt == ts->kdc_tgts[ts->ntgts-1]) {
511 	    krb5_free_creds(ts->ctx, ts->kdc_tgts[--ts->ntgts]);
512 	    ts->kdc_tgts[ts->ntgts] = NULL;
514 	TR_DBG_RET(ts, "find_nxt_kdc", KRB5_KDCREP_MODIFIED);
515 	krb5_set_error_message(ts->ctx, KRB5_KDCREP_MODIFIED,
520     ts->nxt_kdc = kdcptr;
521     TR_DBG_RET(ts, "find_nxt_kdc", 0);
532 try_kdc(struct tr_state *ts, krb5_creds *tgtq)
538     TR_DBG(ts, "try_kdc");
540     if (!krb5_c_valid_enctype(ts->cur_tgt->keyblock.enctype))
545     ltgtq.ticket_flags = ts->cur_tgt->ticket_flags;
549      * want to add it to ts->kdc_tgts if it is already in
552     retval = krb5_get_cred_via_tkt(ts->ctx, ts->cur_tgt,
554 				   ts->cur_tgt->addresses,
557 	ts->ntgts--;
558 	ts->nxt_tgt = ts->cur_tgt;
559 	TR_DBG_RET(ts, "try_kdc", retval);
569     if (!(krb5_principal_compare(ts->ctx, tgtq->server, tmp_out_cred->server))) {
571 	    retval = try_ccache(ts, tmp_out_cred);
573 	        krb5_free_creds(ts->ctx, tmp_out_cred);
574 	        retval = find_nxt_kdc(ts);
579     ts->kdc_tgts[ts->ntgts++] = tmp_out_cred;
580     ts->nxt_tgt = ts->kdc_tgts[ts->ntgts-1];
581     retval = find_nxt_kdc(ts);
582     TR_DBG_RET(ts, "try_kdc", retval);
597 kdc_mcred(struct tr_state *ts, krb5_principal client, krb5_creds *mcreds)
605     rdst = krb5_princ_component(ts->ctx, *ts->nxt_kdc, 1);
606     rsrc = krb5_princ_component(ts->ctx, *ts->cur_kdc, 1);
607     retval = krb5_copy_principal(ts->ctx, client, &mcreds->client);
611     retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcreds->server);
617 	krb5_free_cred_contents(ts->ctx, mcreds);
630 next_closest_tgt(struct tr_state *ts, krb5_principal client)
638     for (ts->nxt_kdc = ts->lst_kdc;
639 	 ts->nxt_kdc > ts->cur_kdc;
640 	 ts->nxt_kdc--) {
642 	krb5_free_cred_contents(ts->ctx, &tgtq);
643 	retval = kdc_mcred(ts, client, &tgtq);
647 	if (ts->cur_kdc != ts->kdc_list || ts->nxt_kdc != ts->lst_kdc) {
648 	    retval = try_ccache(ts, &tgtq);
655 	retval = try_kdc(ts, &tgtq);
671     krb5_free_cred_contents(ts->ctx, &tgtq);
775     struct tr_state state, *ts;
779     ts = &state;
780     memset(ts, 0, sizeof(*ts));
781     ts->ctx = ctx;
782     ts->ccache = ccache;
783     init_cc_tgts(ts);
785     retval = init_rtree(ts, client, server);
789     retval = retr_local_tgt(ts, client);
793     for (ts->cur_kdc = ts->kdc_list, ts->nxt_kdc = NULL;
794 	 ts->cur_kdc != NULL && ts->cur_kdc < ts->lst_kdc;
795 	 ts->cur_kdc = ts->nxt_kdc, ts->cur_tgt = ts->nxt_tgt) {
797 	retval = next_closest_tgt(ts, client);
800 	assert(ts->cur_kdc != ts->nxt_kdc);
803     if (NXT_TGT_IS_CACHED(ts)) {
804 	*out_cc_tgt = *ts->cur_cc_tgt;
806 	MARK_CUR_CC_TGT_CLEAN(ts);
809 	*out_tgt = ts->nxt_tgt;
813     clean_cc_tgts(ts);
814     if (ts->kdc_list != NULL)
815 	krb5_free_realm_tree(ctx, ts->kdc_list);
816     if (ts->ntgts == 0) {
818 	if (ts->kdc_tgts != NULL)
819 	    free(ts->kdc_tgts);
821 	*out_kdc_tgts = ts->kdc_tgts;

Indexes created Tue Jul 24 14:28:13 CEST 2018