From 455961839179c55a07502b55203c153711e4d3f0 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Fri, 3 May 2019 16:05:09 +1000 Subject: [PATCH] kuser: kgetcred support for anonymous service tickets --- kuser/kgetcred.1 | 3 +++ kuser/kgetcred.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/kuser/kgetcred.1 b/kuser/kgetcred.1 index 8f3e75d0e..f6c8461da 100644 --- a/kuser/kgetcred.1 +++ b/kuser/kgetcred.1 @@ -58,6 +58,7 @@ .Op Fl Fl no-transit-check .Op Fl Fl no-store .Op Fl Fl cached-only +.Op Fl n \*(Ba Fl Fl anonymous .Op Fl Fl version .Op Fl Fl help .Ar principal @@ -135,6 +136,8 @@ requests that the KDC doesn't do transit checking. do not store tickets in the ccache. .It Fl Fl cached-only do not talk the TGS, search only the ccache. +.It Fl Fl anonymous +obtain an anonymous service ticket. .It Fl Fl forwardable .It Fl Fl debug enables debug output to stderr. diff --git a/kuser/kgetcred.c b/kuser/kgetcred.c index b95bc9d05..92eb77099 100644 --- a/kuser/kgetcred.c +++ b/kuser/kgetcred.c @@ -46,6 +46,7 @@ static char *impersonate_str; static char *nametype_str; static int store_flag = 1; static int cached_only_flag; +static int anonymous_flag; static int debug_flag; static int version_flag; static int help_flag; @@ -76,6 +77,8 @@ struct getargs args[] = { NP_("don't store the tickets obtained in the cache", ""), NULL }, { "cached-only", 0, arg_flag, &cached_only_flag, NP_("don't talk to the KDC, just search the cache", ""), NULL }, + { "anonymous", 'n', arg_flag, &anonymous_flag, + NP_("request an anonymous ticket", ""), NULL }, { "debug", 0, arg_flag, &debug_flag, NULL, NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, { "help", 0, arg_flag, &help_flag, NULL, NULL } @@ -176,6 +179,8 @@ main(int argc, char **argv) krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE); if (cached_only_flag) krb5_get_creds_opt_add_options(context, opt, KRB5_GC_CACHED); + if (anonymous_flag) + krb5_get_creds_opt_add_options(context, opt, KRB5_GC_ANONYMOUS); if (delegation_cred_str) { krb5_ccache id;