Add fast armor bits

Love Hornquist Astrand
2011-05-14 19:44:27 -07:00
committed by Love Hörnquist Åstrand
parent b6e56322f3
commit 3f0a3c4795


@@ -74,6 +74,7 @@ int pk_use_enckey = 0;
static int canonicalize_flag = 0; static int canonicalize_flag = 0;
static int enterprise_flag = 0; static int enterprise_flag = 0;
static int ok_as_delegate_flag = 0; static int ok_as_delegate_flag = 0;
static char *fast_armor_cache_string = NULL;
static int use_referrals_flag = 0; static int use_referrals_flag = 0;
static int windows_flag = 0; static int windows_flag = 0;
#ifndef NO_NTLM #ifndef NO_NTLM
@@ -187,6 +188,9 @@ static struct getargs args[] = {
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
NP_("honor ok-as-delegate on tickets", ""), NULL }, NP_("honor ok-as-delegate on tickets", ""), NULL },
{ "fast-armor-cache", 0, arg_string, &fast_armor_cache_string,
NP_("use this credential cache as FAST armor cache", ""), "cache" },
{ "use-referrals", 0, arg_flag, &use_referrals_flag, { "use-referrals", 0, arg_flag, &use_referrals_flag,
NP_("only use referrals, no dns canalisation", ""), NULL }, NP_("only use referrals, no dns canalisation", ""), NULL },
@@ -360,6 +364,8 @@ get_new_tickets(krb5_context context,
const char *renewstr = NULL; const char *renewstr = NULL;
krb5_enctype *enctype = NULL; krb5_enctype *enctype = NULL;
krb5_ccache tempccache; krb5_ccache tempccache;
krb5_keytab kt = NULL;
krb5_init_creds_context ctx;
#ifndef NO_NTLM #ifndef NO_NTLM
struct ntlm_buf ntlmkey; struct ntlm_buf ntlmkey;
memset(&ntlmkey, 0, sizeof(ntlmkey)); memset(&ntlmkey, 0, sizeof(ntlmkey));
@@ -498,32 +504,37 @@ get_new_tickets(krb5_context context,
etype_str.num_strings); etype_str.num_strings);
} }
ret = krb5_init_creds_init(context, principal, krb5_prompter_posix, NULL, start_time, opt, &ctx);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_init");
if (fast_armor_cache_string) {
krb5_ccache fastid;
ret = krb5_cc_resolve(context, fast_armor_cache_string, &fastid);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_resolve(FAST cache)");
ret = krb5_init_creds_set_fast_ccache(context, ctx, fastid);
if (ret)
krb5_err(context, 1, ret, "krb5_init_creds_set_fast_ccache");
}
if(use_keytab || keytab_str) { if(use_keytab || keytab_str) {
krb5_keytab kt;
if(keytab_str) if(keytab_str)
ret = krb5_kt_resolve(context, keytab_str, &kt); ret = krb5_kt_resolve(context, keytab_str, &kt);
else else
ret = krb5_kt_default(context, &kt); ret = krb5_kt_default(context, &kt);
if (ret) if (ret)
krb5_err (context, 1, ret, "resolving keytab"); krb5_err(context, 1, ret, "resolving keytab");
ret = krb5_get_init_creds_keytab (context,
&cred, ret = krb5_init_creds_set_keytab(context, ctx, kt);
principal, if (ret)
kt, krb5_err(context, 1, ret, "krb5_init_creds_set_keytab");
start_time,
server_str,
opt);
krb5_kt_close(context, kt);
} else if (pk_user_id || ent_user_id || anonymous_flag) { } else if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_password (context,
&cred,
principal,
passwd,
krb5_prompter_posix,
NULL,
start_time,
server_str,
opt);
} else if (!interactive) { } else if (!interactive) {
krb5_warnx(context, "Not interactive, failed to get initial ticket"); krb5_warnx(context, "Not interactive, failed to get initial ticket");
krb5_get_init_creds_opt_free(context, opt); krb5_get_init_creds_opt_free(context, opt);
@@ -539,22 +550,20 @@ get_new_tickets(krb5_context context,
if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
memset(passwd, 0, sizeof(passwd)); memset(passwd, 0, sizeof(passwd));
exit(1); errx(1, "failed to read password");
} }
free (prompt); free (prompt);
} }
if (passwd[0]) {
ret = krb5_get_init_creds_password (context, ret = krb5_init_creds_set_password(context, ctx, passwd);
&cred, if (ret)
principal, krb5_err(context, 1, ret, "krb5_init_creds_set_password");
passwd, }
krb5_prompter_posix,
NULL,
start_time,
server_str,
opt);
} }
ret = krb5_init_creds_get(context, ctx);
krb5_get_init_creds_opt_free(context, opt); krb5_get_init_creds_opt_free(context, opt);
#ifndef NO_NTLM #ifndef NO_NTLM
if (ntlm_domain && passwd[0]) if (ntlm_domain && passwd[0])
@@ -603,15 +612,11 @@ get_new_tickets(krb5_context context,
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_cc_new_unique"); krb5_err (context, 1, ret, "krb5_cc_new_unique");
ret = krb5_cc_initialize (context, tempccache, cred.client); ret = krb5_init_creds_store(context, ctx, tempccache);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_cc_initialize"); krb5_err(context, 1, ret, "krb5_init_creds_store");
ret = krb5_cc_store_cred (context, tempccache, &cred); krb5_init_creds_free(context, ctx);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_store_cred");
krb5_free_cred_contents (context, &cred);
ret = krb5_cc_move(context, tempccache, ccache); ret = krb5_cc_move(context, tempccache, ccache);
if (ret) if (ret)
@@ -640,7 +645,8 @@ get_new_tickets(krb5_context context,
krb5_cc_set_config(context, ccache, NULL, "realm-config", &data); krb5_cc_set_config(context, ccache, NULL, "realm-config", &data);
} }
if (kt)
krb5_kt_close(context, kt);
if (enctype) if (enctype)
free(enctype); free(enctype);
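Review bot: The context created by `krb5_init_creds_init` is released only on the success path (`krb5_init_creds_free` after `krb5_init_creds_store`), while the `!interactive` branch in the same section still frees only `opt` before leaving. `get_new_tickets` starts and ends outside the visible hunks, so the early return is inferred; if that branch does return, add `krb5_init_creds_free(context, ctx);` beside `krb5_get_init_creds_opt_free(context, opt);`, since by then the context may already reference the FAST armor cache. In the FAST block `fastid` goes out of scope without a `krb5_cc_close`, and whether `krb5_init_creds_set_fast_ccache` takes ownership of the handle is not shown; a comment such as `/* fastid is owned by ctx from here on */`, or an explicit close after `krb5_init_creds_free`, would settle it. It is also not visible whether the exchange fails when the KDC answers without FAST once an armor cache was given; if it does not, the `fast-armor-cache` help text should say so.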