oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

allow specifying a credential cache to use for the admin principal

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14477 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-01-05 16:08:03 +00:00
parent 978ae789ab
commit 8e0cc6db4d
1 changed files with 69 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
kpasswd/kpasswd.c
View File

@@ -37,9 +37,11 @@ RCSID("$Id$");
static int version_flag; static int version_flag;
static int help_flag; static int help_flag;
static char *admin_principal_str; static char *admin_principal_str;
static char *cred_cache_str;
static struct getargs args[] = { static struct getargs args[] = {
{ "admin-principal", 0, arg_string, &admin_principal_str }, { "admin-principal", 0, arg_string, &admin_principal_str },
{ "cache", 'c', arg_string, &cred_cache_str },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag }
}; };
@@ -115,11 +117,9 @@ main (int argc, char **argv)
krb5_error_code ret; krb5_error_code ret;
krb5_context context; krb5_context context;
krb5_principal principal; krb5_principal principal;
krb5_principal admin_principal;
int optind = 0; int optind = 0;
krb5_get_init_creds_opt *opt; krb5_get_init_creds_opt *opt;
krb5_creds cred; krb5_ccache id = NULL;
krb5_ccache id;
int exit_value; int exit_value;
optind = krb5_program_setup(&context, argc, argv, optind = krb5_program_setup(&context, argc, argv,
@@ -133,8 +133,6 @@ main (int argc, char **argv)
exit(0); exit(0);
} }
admin_principal = NULL;
argc -= optind; argc -= optind;
argv += optind; argv += optind;
@@ -150,56 +148,71 @@ main (int argc, char **argv)
krb5_get_init_creds_opt_set_forwardable (opt, FALSE); krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
krb5_get_init_creds_opt_set_proxiable (opt, FALSE); krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
if (admin_principal_str) { if (cred_cache_str) {
ret = krb5_parse_name (context, admin_principal_str, &admin_principal); ret = krb5_cc_resolve(context, cred_cache_str, &id);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_parse_name"); krb5_err (context, 1, ret, "krb5_cc_resolve");
} else if (argc == 1) {
ret = krb5_parse_name (context, argv[0], &admin_principal);
if (ret)
krb5_err (context, 1, ret, "krb5_parse_name");
} else { } else {
ret = krb5_get_default_principal (context, &admin_principal); ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_get_default_principal"); krb5_err (context, 1, ret, "krb5_cc_gen_new");
} }
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); if (cred_cache_str == NULL) {
krb5_principal admin_principal = NULL;
krb5_creds cred;
ret = krb5_get_init_creds_password (context, if (admin_principal_str) {
&cred, ret = krb5_parse_name (context, admin_principal_str,
admin_principal, &admin_principal);
NULL, if (ret)
krb5_prompter_posix, krb5_err (context, 1, ret, "krb5_parse_name");
NULL, } else if (argc == 1) {
0, ret = krb5_parse_name (context, argv[0], &admin_principal);
"kadmin/changepw", if (ret)
opt); krb5_err (context, 1, ret, "krb5_parse_name");
switch (ret) { } else {
case 0: ret = krb5_get_default_principal (context, &admin_principal);
break; if (ret)
case KRB5_LIBOS_PWDINTR : krb5_err (context, 1, ret, "krb5_get_default_principal");
return 1; }
case KRB5KRB_AP_ERR_BAD_INTEGRITY :
case KRB5KRB_AP_ERR_MODIFIED : ret = krb5_get_init_creds_password (context,
krb5_errx(context, 1, "Password incorrect"); &cred,
break; admin_principal,
default: NULL,
krb5_err(context, 1, ret, "krb5_get_init_creds"); krb5_prompter_posix,
NULL,
0,
"kadmin/changepw",
opt);
switch (ret) {
case 0:
break;
case KRB5_LIBOS_PWDINTR :
return 1;
case KRB5KRB_AP_ERR_BAD_INTEGRITY :
case KRB5KRB_AP_ERR_MODIFIED :
krb5_errx(context, 1, "Password incorrect");
break;
default:
krb5_err(context, 1, ret, "krb5_get_init_creds");
}
krb5_get_init_creds_opt_free(opt);
ret = krb5_cc_initialize(context, id, admin_principal);
krb5_free_principal(context, admin_principal);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_initialize");
ret = krb5_cc_store_cred(context, id, &cred);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_store_cred");
krb5_free_cred_contents (context, &cred);
} }
krb5_get_init_creds_opt_free(opt);
ret = krb5_cc_initialize(context, id, admin_principal);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_initialize");
ret = krb5_cc_store_cred(context, id, &cred);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_store_cred");
krb5_free_cred_contents (context, &cred);
if (argc == 0) { if (argc == 0) {
exit_value = change_password(context, NULL, id); exit_value = change_password(context, NULL, id);
} else { } else {
@@ -219,9 +232,15 @@ main (int argc, char **argv)
} }
} }
ret = krb5_cc_destroy(context, id); if (cred_cache_str == NULL) {
if (ret) ret = krb5_cc_destroy(context, id);
krb5_err (context, 1, ret, "krb5_cc_destroy"); if (ret)
krb5_err (context, 1, ret, "krb5_cc_destroy");
} else {
ret = krb5_cc_close(context, id);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_close");
}
krb5_free_context (context); krb5_free_context (context);
return ret; return ret;