oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add fast armor bits

Browse Source
This commit is contained in:
Love Hornquist Astrand
2011-05-14 19:44:27 -07:00
committed by Love Hörnquist Åstrand
parent b6e56322f3
commit 3f0a3c4795
1 changed files with 44 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
kuser/kinit.c
View File

@@ -74,6 +74,7 @@ int pk_use_enckey = 0;
static int canonicalize_flag = 0;
static int enterprise_flag = 0;
static int ok_as_delegate_flag = 0;
static char *fast_armor_cache_string = NULL;
static int use_referrals_flag = 0;
static int windows_flag = 0;
#ifndef NO_NTLM
@@ -187,6 +188,9 @@ static struct getargs args[] = {
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
NP_("honor ok-as-delegate on tickets", ""), NULL },
{ "fast-armor-cache", 0, arg_string, &fast_armor_cache_string,
NP_("use this credential cache as FAST armor cache", ""), "cache" },
{ "use-referrals", 0, arg_flag, &use_referrals_flag,
NP_("only use referrals, no dns canalisation", ""), NULL },
@@ -360,6 +364,8 @@ get_new_tickets(krb5_context context,
const char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
krb5_keytab kt = NULL;
krb5_init_creds_context ctx;
#ifndef NO_NTLM
struct ntlm_buf ntlmkey;
memset(&ntlmkey, 0, sizeof(ntlmkey));
@@ -498,32 +504,37 @@ get_new_tickets(krb5_context context,
etype_str.num_strings);
}
ret = krb5_init_creds_init(context, principal, krb5_prompter_posix, NULL, start_time, opt, &ctx);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_init");
if (fast_armor_cache_string) {
krb5_ccache fastid;
ret = krb5_cc_resolve(context, fast_armor_cache_string, &fastid);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_resolve(FAST cache)");
ret = krb5_init_creds_set_fast_ccache(context, ctx, fastid);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_set_fast_ccache");
}
if(use_keytab || keytab_str) {
krb5_keytab kt;
if(keytab_str)
ret = krb5_kt_resolve(context, keytab_str, &kt);
else
ret = krb5_kt_default(context, &kt);
if (ret)
krb5_err (context, 1, ret, "resolving keytab");
ret = krb5_get_init_creds_keytab (context,
&cred,
principal,
kt,
start_time,
server_str,
opt);
krb5_kt_close(context, kt);
krb5_err(context, 1, ret, "resolving keytab");
ret = krb5_init_creds_set_keytab(context, ctx, kt);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_set_keytab");
} else if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_password (context,
&cred,
principal,
passwd,
krb5_prompter_posix,
NULL,
start_time,
server_str,
opt);
} else if (!interactive) {
krb5_warnx(context, "Not interactive, failed to get initial ticket");
krb5_get_init_creds_opt_free(context, opt);
@@ -539,22 +550,20 @@ get_new_tickets(krb5_context context,
if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
memset(passwd, 0, sizeof(passwd));
exit(1);
errx(1, "failed to read password");
}
free (prompt);
}
ret = krb5_get_init_creds_password (context,
&cred,
principal,
passwd,
krb5_prompter_posix,
NULL,
start_time,
server_str,
opt);
if (passwd[0]) {
ret = krb5_init_creds_set_password(context, ctx, passwd);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_set_password");
}
}
ret = krb5_init_creds_get(context, ctx);
krb5_get_init_creds_opt_free(context, opt);
#ifndef NO_NTLM
if (ntlm_domain && passwd[0])
@@ -603,15 +612,11 @@ get_new_tickets(krb5_context context,
if (ret)
krb5_err (context, 1, ret, "krb5_cc_new_unique");
ret = krb5_cc_initialize (context, tempccache, cred.client);
ret = krb5_init_creds_store(context, ctx, tempccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_initialize");
krb5_err(context, 1, ret, "krb5_init_creds_store");
ret = krb5_cc_store_cred (context, tempccache, &cred);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_store_cred");
krb5_free_cred_contents (context, &cred);
krb5_init_creds_free(context, ctx);
ret = krb5_cc_move(context, tempccache, ccache);
if (ret)
@@ -640,7 +645,8 @@ get_new_tickets(krb5_context context,
krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);
}
if (kt)
krb5_kt_close(context, kt);
if (enctype)
free(enctype);