Merge branch 'kdc-tester'
@@ -76,13 +76,76 @@ send_to_kdc(krb5_context c, void *ptr, krb5_krbhst_info *hi, time_t timeout,
|
||||
*
|
||||
*/
|
||||
|
||||
static krb5_ccache fast_ccache = NULL;
|
||||
static void
|
||||
get_fast_armor_ccache(const char *fast_armor_princ, const char *keytab,
|
||||
krb5_ccache *cc)
|
||||
{
|
||||
krb5_keytab kt = NULL;
|
||||
krb5_init_creds_context ctx;
|
||||
krb5_principal princ;
|
||||
krb5_creds creds;
|
||||
krb5_error_code ret;
|
||||
|
||||
if (fast_ccache) {
|
||||
*cc = fast_ccache;
|
||||
return;
|
||||
}
|
||||
|
||||
ret = krb5_parse_name(kdc_context, fast_armor_princ, &princ);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_parse_name");
|
||||
|
||||
if (keytab) {
|
||||
ret = krb5_kt_resolve(kdc_context, keytab, &kt);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_kt_resolve");
|
||||
} else {
|
||||
ret = krb5_kt_default(kdc_context, &kt);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_kt_default");
|
||||
}
|
||||
|
||||
ret = krb5_cc_new_unique(kdc_context, "MEMORY", NULL, &fast_ccache);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_cc_new_unique");
|
||||
|
||||
ret = krb5_cc_initialize(kdc_context, fast_ccache, princ);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_cc_initialize");
|
||||
|
||||
ret = krb5_init_creds_init(kdc_context, princ, NULL, NULL, 0, NULL, &ctx);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_init_creds_init");
|
||||
|
||||
ret = krb5_init_creds_set_keytab(kdc_context, ctx, kt);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_keytab");
|
||||
|
||||
ret = krb5_init_creds_get(kdc_context, ctx);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_init_creds_get");
|
||||
|
||||
ret = krb5_init_creds_get_creds(kdc_context, ctx, &creds);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_init_creds_get_creds");
|
||||
|
||||
ret = krb5_cc_store_cred(kdc_context, fast_ccache, &creds);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_cc_store_cred");
|
||||
*cc = fast_ccache;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static void
|
||||
eval_kinit(heim_dict_t o)
|
||||
{
|
||||
heim_string_t user, password, keytab;
|
||||
heim_string_t user, password, keytab, fast_armor_princ;
|
||||
krb5_init_creds_context ctx;
|
||||
krb5_principal client;
|
||||
krb5_keytab kt = NULL;
|
||||
krb5_ccache fast_cc;
|
||||
krb5_error_code ret;
|
||||
|
||||
if (ptop)
|
||||
@@ -104,6 +167,13 @@ eval_kinit(heim_dict_t o)
|
||||
ret = krb5_init_creds_init(kdc_context, client, NULL, NULL, 0, NULL, &ctx);
|
||||
if (ret)
|
||||
krb5_err(kdc_context, 1, ret, "krb5_init_creds_init");
|
||||
|
||||
fast_armor_princ = heim_dict_get_value(o, HSTR("fast-armor-princ"));
|
||||
if (fast_armor_princ != NULL) {
|
||||
get_fast_armor_ccache(heim_string_get_utf8(fast_armor_princ),
|
||||
heim_string_get_utf8(keytab), &fast_cc);
|
||||
ret = krb5_init_creds_set_fast_ccache(kdc_context, ctx, fast_cc);
|
||||
}
|
||||
|
||||
if (password) {
|
||||
ret = krb5_init_creds_set_password(kdc_context, ctx,
|
||||
|
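Review bot: The result of `krb5_init_creds_set_fast_ccache` in eval_kinit is assigned to `ret` but never tested, so if the armor ccache cannot be attached the request goes out without FAST and the "fast + keytab" case can still pass; add `if (ret) krb5_err(kdc_context, 1, ret, "krb5_init_creds_set_fast_ccache");` right after the call. In the same block `heim_string_get_utf8(keytab)` is called unconditionally; where `keytab` is assigned is outside the hunk, but if it can be NULL for a password entry the NULL-keytab branch in get_fast_armor_ccache is never reached safely, so pass `keytab ? heim_string_get_utf8(keytab) : NULL`. get_fast_armor_ccache itself returns the cached `fast_ccache` whatever principal is asked for, and on the success path never releases `princ`, `kt`, `ctx` or `creds` (the last holds the armor session key); a short comment stating that the cache is per-process and single-principal, plus the matching free calls before `*cc = fast_ccache;`, would cover it. eval_kinit continues outside both hunks.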
@@ -154,10 +154,10 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx)
|
||||
free(ctx->password);
|
||||
}
|
||||
/*
|
||||
* FAST state
|
||||
* FAST state (we don't close the armor_ccache because we might have
|
||||
* to destroy it, and how would we know? also, the caller should
|
||||
* take care of cleaning up the armor_ccache).
|
||||
*/
|
||||
if (ctx->fast_state.armor_ccache)
|
||||
krb5_cc_close(context, ctx->fast_state.armor_ccache);
|
||||
if (ctx->fast_state.armor_crypto)
|
||||
krb5_crypto_destroy(context, ctx->fast_state.armor_crypto);
|
||||
krb5_free_keyblock_contents(context, &ctx->fast_state.armor_key);
|
||||
|
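Review bot: The rewritten FAST-state comment in free_init_creds_ctx states the new ownership rule as a question ("how would we know?") and only at the point of cleanup, so a caller of `krb5_init_creds_set_fast_ccache` has no place to learn that it must close or destroy the armor ccache itself. Assuming the two `krb5_cc_close` lines are the removed side (the 10/10 hunk counts and the new comment suggest so), the armor ccache, which holds the armor principal's TGT, is now only borrowed by the context. Say that plainly, e.g. `* FAST state: armor_ccache is borrowed; the caller that set it must close or destroy it.`, and repeat the rule in the doc comment of the setter. The function begins and continues outside the hunk.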
@@ -772,6 +772,8 @@ HEIMDAL_KRB5_2.0 {
|
||||
krb5_init_creds_set_fast_ccache;
|
||||
krb5_init_creds_set_keytab;
|
||||
krb5_init_creds_get;
|
||||
krb5_init_creds_get_creds;
|
||||
krb5_init_creds_get_error;
|
||||
krb5_init_creds_set_password;
|
||||
krb5_init_creds_store;
|
||||
krb5_init_creds_free;
|
||||
|
@@ -70,8 +70,10 @@ ${kadmin} \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} foo@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
|
||||
echo "password"
|
||||
${kdc_tester} ${srcdir}/kdc-tester1.json || exit 1
|
||||
@@ -79,5 +81,8 @@ ${kdc_tester} ${srcdir}/kdc-tester1.json || exit 1
|
||||
echo "keytab"
|
||||
${kdc_tester} ${srcdir}/kdc-tester2.json || exit 1
|
||||
|
||||
echo "fast + keytab"
|
||||
${kdc_tester} ${srcdir}/kdc-tester3.json || exit 1
|
||||
|
||||
|
||||
exit $ec
|
||||
|