krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
krb5_address *const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types,
krb5_keytab arg_keytab, krb5_ccache ccache,
krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
krb5_gic_opt_ext *opte;
char * server = NULL;
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
int use_master = 0;
retval = krb5int_populate_gic_opt(context, &opte,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
return retval;
if (arg_keytab == NULL) {
retval = krb5_kt_default(context, &keytab);
if (retval)
return retval;
}
else keytab = arg_keytab;
retval = krb5_unparse_name( context, creds->server, &server);
if (retval)
goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
retval = krb5_get_init_creds (context,
creds, creds->client,
krb5_prompter_posix, NULL,
0, server, opte,
krb5_get_as_key_keytab, (void *)keytab,
&use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
if (retval) {
goto cleanup;
}
if (creds->server)
krb5_free_principal( context, creds->server);
if (creds->client)
krb5_free_principal( context, creds->client);
creds->client = client_princ;
creds->server = server_princ;
/* store it in the ccache! */
if (ccache)
if ((retval = krb5_cc_store_cred(context, ccache, creds)))
goto cleanup;
cleanup: if (arg_keytab == NULL)
krb5_kt_close(context, keytab);
return retval;
}
/*
Rewrites get_in_tkt in terms of newer get_init_creds API.
Attempts to get an initial ticket for creds->client to use server
creds->server, (realm is taken from creds->client), with options
options, and using creds->times.starttime, creds->times.endtime,
creds->times.renew_till as from, till, and rtime.
creds->times.renew_till is ignored unless the RENEWABLE option is requested.
If addrs is non-NULL, it is used for the addresses requested. If it is
null, the system standard addresses are used.
If password is non-NULL, it is converted using the cryptosystem entry
point for a string conversion routine, seeded with the client's name.
If password is passed as NULL, the password is read from the terminal,
and then converted into a key.
A succesful call will place the ticket in the credentials cache ccache.
returns system errors, encryption errors
*/
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
krb5_address *const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types,
const char *password, krb5_ccache ccache,
krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
krb5_data pw0;
char pw0array[1024];
char * server;
krb5_principal server_princ, client_princ;
int use_master = 0;
krb5_get_init_creds_opt *opts = NULL;
pw0.data = pw0array;
if (password && password[0]) {
if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array))
return EINVAL;
pw0.length = strlen(password);
} else {
pw0.data[0] = '\0';
pw0.length = sizeof(pw0array);
}
retval = krb5int_populate_gic_opt(context, &opts,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
return (retval);
retval = krb5_unparse_name( context, creds->server, &server);
if (retval) {
krb5_get_init_creds_opt_free(context, opts);
return (retval);
}
server_princ = creds->server;
client_princ = creds->client;
retval = krb5int_get_init_creds(context, creds, creds->client,
krb5_prompter_posix, NULL,
0, server, opts,
krb5_get_as_key_password, &pw0,
&use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, opts);
if (retval) {
return (retval);
}
krb5_free_principal( context, creds->server);
krb5_free_principal( context, creds->client);
creds->client = client_princ;
creds->server = server_princ;
/* store it in the ccache! */
if (ccache)
if ((retval = krb5_cc_store_cred(context, ccache, creds)))
return (retval);
return retval;
}
/*
Similar to krb5_get_in_tkt_with_password.
Attempts to get an initial ticket for creds->client to use server
creds->server, (realm is taken from creds->client), with options
options, and using creds->times.starttime, creds->times.endtime,
creds->times.renew_till as from, till, and rtime.
creds->times.renew_till is ignored unless the RENEWABLE option is requested.
If addrs is non-NULL, it is used for the addresses requested. If it is
null, the system standard addresses are used.
If keyblock is NULL, an appropriate key for creds->client is retrieved
from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL,
it is used as the decryption key.
A succesful call will place the ticket in the credentials cache ccache.
returns system errors, encryption errors
*/
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
krb5_address *const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types,
const krb5_keyblock *key, krb5_ccache ccache,
krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
char *server;
krb5_principal server_princ, client_princ;
int use_master = 0;
krb5_get_init_creds_opt *opts = NULL;
#ifndef LEAN_CLIENT
if (key == NULL) {
return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
pre_auth_types, NULL, ccache,
creds, ret_as_reply);
}
#endif /* LEAN_CLIENT */
retval = krb5int_populate_gic_opt(context, &opts, options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
return retval;
retval = krb5_unparse_name(context, creds->server, &server);
if (retval) {
krb5_get_init_creds_opt_free(context, opts);
return retval;
}
server_princ = creds->server;
client_princ = creds->client;
retval = krb5int_get_init_creds(context, creds, creds->client,
krb5_prompter_posix, NULL, 0, server, opts,
get_as_key_skey, (void *) key, &use_master,
ret_as_reply);
krb5_free_unparsed_name(context, server);
krb5_get_init_creds_opt_free(context, opts);
if (retval)
return retval;
krb5_free_principal( context, creds->server);
krb5_free_principal( context, creds->client);
creds->client = client_princ;
creds->server = server_princ;
/* store it in the ccache! */
if (ccache)
retval = krb5_cc_store_cred(context, ccache, creds);
return retval;
}
