oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

drop krb4

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-03-16 20:43:24 -07:00
parent 433b1d5073
commit a6f9dfc5ad
2 changed files with 5 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
kuser/kinit.1
View File

@@ -39,8 +39,6 @@
.Nd acquire initial tickets .Nd acquire initial tickets
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm kinit .Nm kinit
.Op Fl 4 | Fl -524init
.Op Fl 9 | Fl -524convert
.Op Fl -afslog .Op Fl -afslog
.Oo Fl c Ar cachename \*(Ba Xo .Oo Fl c Ar cachename \*(Ba Xo
.Fl -cache= Ns Ar cachename .Fl -cache= Ns Ar cachename
@@ -95,13 +93,6 @@ or if none is given, a system generated default (typically your login
name at the default realm), and acquire a ticket granting ticket that name at the default realm), and acquire a ticket granting ticket that
can later be used to obtain tickets for other services. can later be used to obtain tickets for other services.
.Pp .Pp
If you have compiled
.Nm kinit
with Kerberos 4 support and you have a
Kerberos 4 server,
.Nm
will detect this and get you Kerberos 4 tickets.
.Pp
Supported options: Supported options:
.Bl -tag -width Ds .Bl -tag -width Ds
.It Xo .It Xo
@@ -222,24 +213,6 @@ Request a ticket with no addresses.
Request an anonymous ticket (which means that the ticket will be Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically issued to an anonymous principal, typically
.Dq anonymous@REALM ) . .Dq anonymous@REALM ) .
.El
.Pp
The following options are only available if
.Nm
has been compiled with support for Kerberos 4.
.Bl -tag -width Ds
.It Xo
.Fl 4 ,
.Fl -524init
.Xc
Try to convert the obtained Kerberos 5 krbtgt to a version 4
compatible ticket.
It will store this ticket in the default Kerberos 4 ticket file.
.It Xo
.Fl 9 ,
.Fl -524convert
.Xc
only convert ticket to version 4
.It Fl -afslog .It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them Gets AFS tickets, converts them to version 4 format, and stores them
in the kernel. in the kernel.

112
kuser/kinit.c
View File

@@ -39,10 +39,6 @@
#include <Security/Security.h> #include <Security/Security.h>
#endif #endif
#ifndef HEIMDAL_SMALLER
#include "krb5-v4compat.h"
#endif
struct krb5_dh_moduli; struct krb5_dh_moduli;
struct AlgorithmIdentifier; struct AlgorithmIdentifier;
struct _krb5_krb_auth_data; struct _krb5_krb_auth_data;
@@ -74,11 +70,6 @@ struct getarg_strings etype_str;
int use_keytab = 0; int use_keytab = 0;
char *keytab_str = NULL; char *keytab_str = NULL;
int do_afslog = -1; int do_afslog = -1;
#ifndef HEIMDAL_SMALLER
int get_v4_tgt = -1;
int convert_524 = 0;
static char *krb4_cc_name;
#endif
int fcache_version; int fcache_version;
char *password_file = NULL; char *password_file = NULL;
char *pk_user_id = NULL; char *pk_user_id = NULL;
@@ -105,14 +96,11 @@ static struct getargs args[] = {
* P: ~p * P: ~p
* C: v4 cache name? * C: v4 cache name?
* 5: * 5:
*
* old flags
* 4:
* 9:
*/ */
#ifndef HEIMDAL_SMALLER
{ "524init", '4', arg_flag, &get_v4_tgt,
NP_("obtain version 4 TGT", "") },
{ "524convert", '9', arg_flag, &convert_524,
NP_("only convert ticket to version 4", "") },
#endif
{ "afslog", 0 , arg_flag, &do_afslog, { "afslog", 0 , arg_flag, &do_afslog,
NP_("obtain afs tokens", "") }, NP_("obtain afs tokens", "") },
@@ -239,58 +227,6 @@ get_server(krb5_context context,
KRB5_TGS_NAME, realm, NULL); KRB5_TGS_NAME, realm, NULL);
} }
#ifndef HEIMDAL_SMALLER
static krb5_error_code
do_524init(krb5_context context, krb5_ccache ccache,
krb5_creds *creds, const char *server)
{
krb5_error_code ret;
struct credentials c;
krb5_creds in_creds, *real_creds;
if(creds != NULL)
real_creds = creds;
else {
krb5_principal client;
ret = krb5_cc_get_principal(context, ccache, &client);
if (ret) {
krb5_warn(context, ret, "524init: can't get client principal");
return ret;
}
memset(&in_creds, 0, sizeof(in_creds));
ret = get_server(context, client, server, &in_creds.server);
if(ret) {
krb5_warn(context, ret, "524init: can't get server principal");
krb5_free_principal(context, client);
return ret;
}
in_creds.client = client;
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
krb5_free_principal(context, client);
krb5_free_principal(context, in_creds.server);
if(ret)
return ret;
}
ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c);
if(ret)
krb5_warn(context, ret, "converting creds");
else {
krb5_error_code tret = _krb5_krb_tf_setup(context, &c, NULL, 0);
if(tret)
krb5_warn(context, tret, "saving v4 creds");
}
if(creds == NULL)
krb5_free_creds(context, real_creds);
memset(&c, 0, sizeof(c));
return ret;
}
#endif
static int static int
renew_validate(krb5_context context, renew_validate(krb5_context context,
int renew, int renew,
@@ -370,10 +306,6 @@ renew_validate(krb5_context context,
if(ret == 0 && server == NULL) { if(ret == 0 && server == NULL) {
/* only do this if it's a general renew-my-tgt request */ /* only do this if it's a general renew-my-tgt request */
#ifndef HEIMDAL_SMALLER
if(get_v4_tgt)
do_524init(context, cache, out, NULL);
#endif
#ifndef NO_AFS #ifndef NO_AFS
if(do_afslog && k_hasafs()) if(do_afslog && k_hasafs())
krb5_afslog(context, cache, NULL, NULL); krb5_afslog(context, cache, NULL, NULL);
@@ -782,10 +714,6 @@ renew_func(void *ptr)
get_new_tickets(ctx->context, ctx->principal, get_new_tickets(ctx->context, ctx->principal,
ctx->ccache, ctx->ticket_life, 0); ctx->ccache, ctx->ticket_life, 0);
#ifndef HEIMDAL_SMALLER
if(get_v4_tgt || convert_524)
do_524init(ctx->context, ctx->ccache, NULL, server_str);
#endif
#ifndef NO_AFS #ifndef NO_AFS
if(do_afslog && k_hasafs()) if(do_afslog && k_hasafs())
krb5_afslog(ctx->context, ctx->ccache, NULL, NULL); krb5_afslog(ctx->context, ctx->ccache, NULL, NULL);
@@ -875,12 +803,6 @@ main (int argc, char **argv)
krb5_appdefault_boolean(context, "kinit", krb5_appdefault_boolean(context, "kinit",
krb5_principal_get_realm(context, principal), krb5_principal_get_realm(context, principal),
"renewable", FALSE, &renewable_flag); "renewable", FALSE, &renewable_flag);
#ifndef HEIMDAL_SMALLER
if(get_v4_tgt == -1)
krb5_appdefault_boolean(context, "kinit",
krb5_principal_get_realm(context, principal),
"krb4_get_tickets", FALSE, &get_v4_tgt);
#endif
if(do_afslog == -1) if(do_afslog == -1)
krb5_appdefault_boolean(context, "kinit", krb5_appdefault_boolean(context, "kinit",
krb5_principal_get_realm(context, principal), krb5_principal_get_realm(context, principal),
@@ -898,20 +820,6 @@ main (int argc, char **argv)
krb5_cc_get_type(context, ccache), krb5_cc_get_type(context, ccache),
krb5_cc_get_name(context, ccache)); krb5_cc_get_name(context, ccache));
setenv("KRB5CCNAME", s, 1); setenv("KRB5CCNAME", s, 1);
#ifndef HEIMDAL_SMALLER
if (get_v4_tgt) {
int fd;
if (asprintf(&krb4_cc_name, "%s_XXXXXX", TKT_ROOT) < 0)
krb5_errx(context, 1, "out of memory");
if((fd = mkstemp(krb4_cc_name)) >= 0) {
close(fd);
setenv("KRBTKFILE", krb4_cc_name, 1);
} else {
free(krb4_cc_name);
krb4_cc_name = NULL;
}
}
#endif
} else { } else {
ret = krb5_cc_cache_match(context, principal, &ccache); ret = krb5_cc_cache_match(context, principal, &ccache);
if (ret) { if (ret) {
@@ -974,15 +882,8 @@ main (int argc, char **argv)
exit(ret != 0); exit(ret != 0);
} }
#ifndef HEIMDAL_SMALLER get_new_tickets(context, principal, ccache, ticket_life, 1);
if(!convert_524)
#endif
get_new_tickets(context, principal, ccache, ticket_life, 1);
#ifndef HEIMDAL_SMALLER
if(get_v4_tgt || convert_524)
do_524init(context, ccache, NULL, server_str);
#endif
#ifndef NO_AFS #ifndef NO_AFS
if(do_afslog && k_hasafs()) if(do_afslog && k_hasafs())
krb5_afslog(context, ccache, NULL, NULL); krb5_afslog(context, ccache, NULL, NULL);
@@ -1008,9 +909,6 @@ main (int argc, char **argv)
krb5_warnx(context, N_("command not found: %s", ""), argv[1]); krb5_warnx(context, N_("command not found: %s", ""), argv[1]);
krb5_cc_destroy(context, ccache); krb5_cc_destroy(context, ccache);
#ifndef HEIMDAL_SMALLER
_krb5_krb_dest_tkt(context, krb4_cc_name);
#endif
#ifndef NO_AFS #ifndef NO_AFS
if(k_hasafs()) if(k_hasafs())
k_unlog(); k_unlog();