Implement init_with_{skey,creds}*. Make use of `password' parameter to

init_with_password.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4907 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/kadm5/init_c.c

@@ -96,84 +96,178 @@ _kadm5_c_init_context(kadm5_client_context **ctx,
 }
 
 static krb5_error_code
-get_cred_cache(krb5_context context, krb5_ccache *cc, 
+get_kadm_ticket(krb5_context context,
-	       const char *client_name, krb5_prompter_fct prompter)
+		krb5_ccache id,
+		krb5_principal client,
+		const char *server_name)
 {
-    krb5_ccache id;
-    krb5_creds in, *out = NULL;
-    krb5_principal client, server = NULL;
     krb5_error_code ret;
+    krb5_creds in, *out;
     
-    if(client_name == NULL) {
-	ret = krb5_cc_default(context, &id);
-	ret = krb5_cc_get_principal(context, id, &client);
-	ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server);
     memset(&in, 0, sizeof(in));
     in.client = client;
-	in.server = server;
+    ret = krb5_parse_name(context, server_name, &in.server);
+    if(ret) 
+	return ret;
     ret = krb5_get_credentials(context, 0, id, &in, &out);
     if(out != NULL)
 	krb5_free_creds(context, out);
-	if(ret == 0) {
+    krb5_free_principal(context, in.server);
-	    *cc = id;
+    return ret;
-	    goto out;
 }
-	krb5_cc_close(context, id);
-    } else 
-	krb5_parse_name(context, client_name, &client);
-    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
 
+static krb5_error_code
+get_new_cache(krb5_context context,
+	      krb5_principal client,
+	      const char *password,
+	      krb5_prompter_fct prompter,
+	      const char *keytab,
+	      const char *server_name,
+	      krb5_ccache *ret_cache)
 {
+    krb5_error_code ret;
     krb5_creds cred;
     krb5_get_init_creds_opt opt;
+    krb5_ccache id;
+    
     krb5_get_init_creds_opt_init (&opt);
+    if(password == NULL && prompter == NULL) {
+	krb5_keytab kt;
+	if(keytab == NULL)
+	    ret = krb5_kt_default(context, &kt);
+	else
+	    ret = krb5_kt_resolve(context, keytab, &kt);
+	if(ret) 
+	    return ret;
+	ret = krb5_get_init_creds_keytab (context,
+					  &cred,
+					  client,
+					  kt,
+					  0,
+					  server_name,
+					  &opt);
+	krb5_kt_close(context, kt);
+    } else {
 	ret = krb5_get_init_creds_password (context,
 					    &cred,
 					    client,
-					    NULL,
+					    password,
 					    prompter,
 					    NULL,
 					    0,
-					    KADM5_ADMIN_SERVICE,
+					    server_name,
 					    &opt);
+    }
     switch(ret){
     case 0:
 	break;
     case KRB5KDC_ERR_NONE: /* XXX hack in krb5_get_init_creds_password */
-	    exit(1);
+	abort();
     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
     case KRB5KRB_AP_ERR_MODIFIED:
 	ret = KADM5_BAD_PASSWORD;
 	break;
     default:
-	    krb5_err(context, 1, ret, "krb5_get_init_creds");
+	break;
-	}
-	if(ret) {
-	    goto out;
     }
+    ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id);
+    if(ret)
+	return ret;
     ret = krb5_cc_initialize (context, id, cred.client);
     if (ret)
 	return ret;
-	
     ret = krb5_cc_store_cred (context, id, &cred);
     if (ret)
 	return ret;
     krb5_free_creds_contents (context, &cred);
-	*cc = id;
+    *ret_cache = id;
+    return 0;
 }
 
-out:
+static krb5_error_code
-    krb5_free_principal(context, client);
+get_cred_cache(krb5_context context,
-    krb5_free_principal(context, server);
+	       const char *client_name,
+	       const char *server_name,
+	       const char *password,
+	       krb5_prompter_fct prompter,
+	       const char *keytab,
+	       krb5_ccache ccache,
+	       krb5_ccache *ret_cache)
+{
+    krb5_error_code ret;
+    krb5_ccache id = NULL;
+    krb5_principal default_client = NULL, client = NULL;
+    
+    /* treat empty password as NULL */
+    if(password && *password == '\0')
+	password = NULL;
+    if(server_name == NULL)
+	server_name = KADM5_ADMIN_SERVICE;
+    
+    if(client_name != NULL) {
+	ret = krb5_parse_name(context, client_name, &client);
+	if(ret) 
 	    return ret;
     }
 
+    if(password != NULL || prompter != NULL) {
+	/* get principal from default cache, ok if this doesn't work */
+	ret = krb5_cc_default(context, &id);
+	if(ret == 0) {
+	    ret = krb5_cc_get_principal(context, id, &default_client);
+	    if(ret) {
+		krb5_cc_close(context, id);
+		id = NULL;
+	    }
+	}
 	
-kadm5_ret_t 
+	if(client == NULL)
-kadm5_c_init_with_password_ctx(krb5_context context,
+	    client = default_client;
-			       char *client_name, 
+	if(client == NULL)
-			       char *pass,
+	    /* client_name not passed, and 
-			       char *service_name,
+	       couldn't get principal from cache */
+	    return -1;
+
+	if(client == default_client) {
+	    krb5_free_principal(context, default_client);
+	    default_client = NULL;
+	}
+    } else if(ccache != NULL)
+	id = ccache;
+    
+
+    if(id && (default_client == NULL || 
+	      krb5_principal_compare(context, client, default_client))) {
+	ret = get_kadm_ticket(context, id, client, server_name);
+	if(ret == 0) {
+	    *ret_cache = id;
+	    krb5_free_principal(context, default_client);
+	    krb5_free_principal(context, client);
+	    return 0;
+	}
+	if(ccache != NULL)
+	    /* couldn't get ticket from cache */
+	    return -1;
+    }
+    /* get creds via AS request */
+    if(id)
+	krb5_cc_close(context, id);
+    krb5_free_principal(context, default_client);
+
+    ret = get_new_cache(context, client, password, prompter, keytab, 
+			server_name, ret_cache);
+    krb5_free_principal(context, client);
+    return ret;
+}
+
+static kadm5_ret_t 
+kadm5_c_init_with_context(krb5_context context,
+			  const char *client_name, 
+			  const char *password,
+			  krb5_prompter_fct prompter,
+			  const char *keytab,
+			  krb5_ccache ccache,
+			  const char *service_name,
 			  kadm5_config_params *realm_params,
 			  unsigned long struct_version,
 			  unsigned long api_version,
@@ -203,13 +297,26 @@ kadm5_c_init_with_password_ctx(krb5_context context,
 	close(s);
 	return KADM5_RPC_ERROR;
     }
-    ret = get_cred_cache(context, &cc, client_name, krb5_prompter_posix);
+    ret = get_cred_cache(context, client_name, service_name, 
-    krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server);
+			 password, prompter, keytab, ccache, &cc);
+    
+    if(ret) {
+	close(s);
+	return ret;
+    }
+    ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server);
+    if(ret) {
+	if(ccache == NULL)
+	    krb5_cc_close(context, cc);
+	close(s);
+	return ret;
+    }
     ctx->ac = NULL;
     ret = krb5_sendauth(context, &ctx->ac, &s, KADMIN_APPL_VERSION, NULL, 
 			server, AP_OPTS_MUTUAL_REQUIRED, 
 			NULL, NULL, cc, NULL, NULL, NULL);
     krb5_free_principal(context, server);
+    if(ccache == NULL)
 	krb5_cc_close(context, cc);
     if(ret){
 	close(s);
@@ -220,10 +327,13 @@ kadm5_c_init_with_password_ctx(krb5_context context,
     return 0;
 }
 
-kadm5_ret_t 
+static kadm5_ret_t 
-kadm5_c_init_with_password(char *client_name, 
+init_context(const char *client_name, 
-			   char *pass,
+	     const char *password,
-			   char *service_name,
+	     krb5_prompter_fct prompter,
+	     const char *keytab,
+	     krb5_ccache ccache,
+	     const char *service_name,
 	     kadm5_config_params *realm_params,
 	     unsigned long struct_version,
 	     unsigned long api_version,
@@ -234,9 +344,12 @@ kadm5_c_init_with_password(char *client_name,
     kadm5_server_context *ctx;
     
     krb5_init_context(&context);
-    ret = kadm5_c_init_with_password_ctx(context, 
+    ret = kadm5_c_init_with_context(context,
 				    client_name,
-					 pass, 
+				    password,
+				    prompter,
+				    keytab,
+				    ccache,
 				    service_name,
 				    realm_params,
 				    struct_version,
@@ -251,17 +364,140 @@ kadm5_c_init_with_password(char *client_name,
     return 0;
 }
 
-#if 0
 kadm5_ret_t 
-kadm5_init_with_skey(char *client_name, char *keytab,
+kadm5_c_init_with_password_ctx(krb5_context context,
-		     char *service_name,
+			       const char *client_name, 
+			       const char *password,
+			       const char *service_name,
 			       kadm5_config_params *realm_params,
 			       unsigned long struct_version,
 			       unsigned long api_version,
 			       void **server_handle)
 {
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     password,
+				     krb5_prompter_posix,
+				     NULL,
+				     NULL,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
 }
 
+kadm5_ret_t 
+kadm5_c_init_with_password(const char *client_name, 
+			   const char *password,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    return init_context(client_name, 
+			password, 
+			krb5_prompter_posix,
+			NULL,
+			NULL,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_skey_ctx(krb5_context context,
+			   const char *client_name, 
+			   const char *keytab,
+			   const char *service_name,
+			   kadm5_config_params *realm_params,
+			   unsigned long struct_version,
+			   unsigned long api_version,
+			   void **server_handle)
+{
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     NULL,
+				     NULL,
+				     keytab,
+				     NULL,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+
+kadm5_ret_t 
+kadm5_c_init_with_skey(const char *client_name, 
+		     const char *keytab,
+		     const char *service_name,
+		     kadm5_config_params *realm_params,
+		     unsigned long struct_version,
+		     unsigned long api_version,
+		     void **server_handle)
+{
+    return init_context(client_name, 
+			NULL,
+			NULL,
+			keytab,
+			NULL,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_creds_ctx(krb5_context context,
+			    const char *client_name,
+			    krb5_ccache ccache,
+			    const char *service_name,
+			    kadm5_config_params *realm_params,
+			    unsigned long struct_version,
+			    unsigned long api_version,
+			    void **server_handle)
+{
+    return kadm5_c_init_with_context(context,
+				     client_name,
+				     NULL,
+				     NULL,
+				     NULL,
+				     ccache,
+				     service_name,
+				     realm_params,
+				     struct_version,
+				     api_version,
+				     server_handle);
+}
+
+kadm5_ret_t 
+kadm5_c_init_with_creds(const char *client_name,
+			krb5_ccache ccache,
+			const char *service_name,
+			kadm5_config_params *realm_params,
+			unsigned long struct_version,
+			unsigned long api_version,
+			void **server_handle)
+{
+    return init_context(client_name, 
+			NULL,
+			NULL,
+			NULL,
+			ccache,
+			service_name, 
+			realm_params, 
+			struct_version, 
+			api_version, 
+			server_handle);
+}
+
+#if 0
 kadm5_ret_t 
 kadm5_init(char *client_name, char *pass,
 	   char *service_name,
@@ -271,17 +507,5 @@ kadm5_init(char *client_name, char *pass,
 	   void **server_handle)
 {
 }
-
-kadm5_ret_t 
-kadm5_init_with_creds(char *client_name,
-		      krb5_ccache ccache,
-		      char *service_name,
-		      kadm5_config_params *params,
-		      krb5_ui_4 struct_version,
-		      krb5_ui_4 api_version,
-		      void **server_handle)
-{
-}
-
-
 #endif
+