From 3f0a3c4795513b37b293d29e4616340a8ced5dad Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Sat, 14 May 2011 19:44:27 -0700
Subject: [PATCH] Add fast armor bits
---
 kuser/kinit.c | 82 +++++++++++++++++++++++++++------------------------
 1 file changed, 44 insertions(+), 38 deletions(-)
diff --git a/kuser/kinit.c b/kuser/kinit.c
index e872fef9b..c98bb7055 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -74,6 +74,7 @@ int pk_use_enckey = 0;
 static int canonicalize_flag = 0;
 static int enterprise_flag = 0;
 static int ok_as_delegate_flag = 0;
+static char *fast_armor_cache_string = NULL;
 static int use_referrals_flag = 0;
 static int windows_flag = 0;
 #ifndef NO_NTLM
@@ -187,6 +188,9 @@ static struct getargs args[] = {
 { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
 NP_("honor ok-as-delegate on tickets", ""), NULL },
+ { "fast-armor-cache", 0, arg_string, &fast_armor_cache_string,
+ NP_("use this credential cache as FAST armor cache", ""), "cache" },
+
 { "use-referrals", 0, arg_flag, &use_referrals_flag,
 NP_("only use referrals, no dns canalisation", ""), NULL },
@@ -360,6 +364,8 @@ get_new_tickets(krb5_context context,
 const char *renewstr = NULL;
 krb5_enctype *enctype = NULL;
 krb5_ccache tempccache;
+ krb5_keytab kt = NULL;
+ krb5_init_creds_context ctx;
 #ifndef NO_NTLM
 struct ntlm_buf ntlmkey;
 memset(&ntlmkey, 0, sizeof(ntlmkey));
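Review bot: In the `@@ -360` hunk `ctx` is declared without an initialiser while `kt` on the line before it starts as NULL. Writing `krb5_init_creds_context ctx = NULL;` keeps the two handles consistent and gives any exit path that runs before `krb5_init_creds_init` a defined value to test. The body of get_new_tickets starts and ends outside this hunk, so whether such a path exists today is not visible here.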
@@ -498,32 +504,37 @@ get_new_tickets(krb5_context context,
 etype_str.num_strings);
 }
+ ret = krb5_init_creds_init(context, principal, krb5_prompter_posix, NULL, start_time, opt, &ctx);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_init_creds_init");
+
+ if (fast_armor_cache_string) {
+ krb5_ccache fastid;
+
+ ret = krb5_cc_resolve(context, fast_armor_cache_string, &fastid);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_cc_resolve(FAST cache)");
+
+ ret = krb5_init_creds_set_fast_ccache(context, ctx, fastid);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_init_creds_set_fast_ccache");
+ }
+
 if(use_keytab || keytab_str) {
- krb5_keytab kt;
+
 if(keytab_str)
 ret = krb5_kt_resolve(context, keytab_str, &kt);
 else
 ret = krb5_kt_default(context, &kt);
 if (ret)
- krb5_err (context, 1, ret, "resolving keytab");
- ret = krb5_get_init_creds_keytab (context,
- &cred,
- principal,
- kt,
- start_time,
- server_str,
- opt);
- krb5_kt_close(context, kt);
+ krb5_err(context, 1, ret, "resolving keytab");
+
+ ret = krb5_init_creds_set_keytab(context, ctx, kt);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_init_creds_set_keytab");
+
 } else if (pk_user_id || ent_user_id || anonymous_flag) {
- ret = krb5_get_init_creds_password (context,
- &cred,
- principal,
- passwd,
- krb5_prompter_posix,
- NULL,
- start_time,
- server_str,
- opt);
+
 } else if (!interactive) {
 krb5_warnx(context, "Not interactive, failed to get initial ticket");
 krb5_get_init_creds_opt_free(context, opt);
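Review bot: `ctx` is now created by `krb5_init_creds_init` before the branch chain, but the `else if (!interactive)` branch at the end of this hunk still releases only `opt`. If that branch returns (its continuation is outside the hunk), the init-creds context and the `fastid` handle resolved above are never released; adding `krb5_init_creds_free(context, ctx);` next to the existing `krb5_get_init_creds_opt_free(context, opt);` would cover it. `fastid` is not closed anywhere in the visible hunks, so a comment stating whether `krb5_init_creds_set_fast_ccache` takes ownership of it would help the next reader. The now-empty `else if (pk_user_id || ent_user_id || anonymous_flag)` body also deserves a one-line comment saying that the exchange is driven by the later `krb5_init_creds_get` call.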
@@ -539,22 +550,20 @@ get_new_tickets(krb5_context context,
 if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
 memset(passwd, 0, sizeof(passwd));
- exit(1);
+ errx(1, "failed to read password");
 }
 free (prompt);
 }
-
- ret = krb5_get_init_creds_password (context,
- &cred,
- principal,
- passwd,
- krb5_prompter_posix,
- NULL,
- start_time,
- server_str,
- opt);
+ if (passwd[0]) {
+ ret = krb5_init_creds_set_password(context, ctx, passwd);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_init_creds_set_password");
+ }
 }
+
+ ret = krb5_init_creds_get(context, ctx);
+
 krb5_get_init_creds_opt_free(context, opt);
 #ifndef NO_NTLM
 if (ntlm_domain && passwd[0])
@@ -603,15 +612,11 @@ get_new_tickets(krb5_context context,
 if (ret)
 krb5_err (context, 1, ret, "krb5_cc_new_unique");
- ret = krb5_cc_initialize (context, tempccache, cred.client);
+ ret = krb5_init_creds_store(context, ctx, tempccache);
 if (ret)
- krb5_err (context, 1, ret, "krb5_cc_initialize");
+ krb5_err(context, 1, ret, "krb5_init_creds_store");
- ret = krb5_cc_store_cred (context, tempccache, &cred);
- if (ret)
- krb5_err (context, 1, ret, "krb5_cc_store_cred");
-
- krb5_free_cred_contents (context, &cred);
+ krb5_init_creds_free(context, ctx);
 ret = krb5_cc_move(context, tempccache, ccache);
 if (ret)
@@ -640,7 +645,8 @@ get_new_tickets(krb5_context context,
 krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);
 }
-
+ if (kt)
+ krb5_kt_close(context, kt);
 if (enctype)
 free(enctype);
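Review bot: In the `@@ -539` hunk `opt` is freed right after `krb5_init_creds_get`, while `ctx`, which was built from `opt` in the earlier `krb5_init_creds_init` call, stays in use until `krb5_init_creds_store` and `krb5_init_creds_free` in the `@@ -603` hunk. Whether the context borrows anything from `opt` is not visible in this patch; if it does, this ordering reads freed memory. Either move `krb5_get_init_creds_opt_free(context, opt);` below `krb5_init_creds_free(context, ctx);` or add a comment stating that the context keeps no reference to `opt`. The check of `ret` from `krb5_init_creds_get` lies outside the hunk.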