int main(int argc, char **argv) { krb5_context context; krb5_principal server; krb5_ccache ccache; krb5_data data; krb5_error_code ret; char *perr; int c; unsigned int i; bail_on_err(NULL, "Error initializing Kerberos library", krb5_init_context(&context)); bail_on_err(context, "Error getting location of default ccache", krb5_cc_default(context, &ccache)); server = NULL; while ((c = getopt(argc, argv, "p:")) != -1) { switch (c) { case 'p': if (asprintf(&perr, "Error parsing principal name \"%s\"", optarg) < 0) perr = "Error parsing principal name"; bail_on_err(context, perr, krb5_parse_name(context, optarg, &server)); break; } } if (argc - optind < 1 || argc - optind > 2) { fprintf(stderr, "Usage: %s [-p principal] key [value]\n", argv[0]); return 1; } memset(&data, 0, sizeof(data)); if (argc - optind == 2) { unset_config(context, ccache, server, argv[optind]); data = string2data(argv[optind + 1]); bail_on_err(context, "Error adding configuration data to ccache", krb5_cc_set_config(context, ccache, server, argv[optind], &data)); } else { ret = krb5_cc_get_config(context, ccache, server, argv[optind], &data); if (ret == 0) { for (i = 0; i < data.length; i++) putc((unsigned int)data.data[i], stdout); } } krb5_free_principal(context, server); krb5_cc_close(context, ccache); krb5_free_context(context); return 0; }
int main(int argc, char **argv) { krb5_context ctx; krb5_ccache in_ccache, out_ccache, armor_ccache; krb5_get_init_creds_opt *opt; char *user, *password, *armor_ccname = NULL, *in_ccname = NULL, *perr; const char *err; krb5_principal client; krb5_creds creds; krb5_flags fast_flags; krb5_error_code ret; int c; while ((c = getopt(argc, argv, "I:A:")) != -1) { switch (c) { case 'A': armor_ccname = optarg; break; case 'I': in_ccname = optarg; break; } } if (argc - optind < 2) { fprintf(stderr, "Usage: %s [-A armor_ccache] [-I in_ccache] " "username password\n", argv[0]); return 1; } user = argv[optind]; password = argv[optind + 1]; bail_on_err(NULL, "Error initializing Kerberos", krb5_init_context(&ctx)); bail_on_err(ctx, "Error allocating space for get_init_creds options", krb5_get_init_creds_opt_alloc(ctx, &opt)); if (in_ccname != NULL) { bail_on_err(ctx, "Error resolving input ccache", krb5_cc_resolve(ctx, in_ccname, &in_ccache)); bail_on_err(ctx, "Error setting input_ccache option", krb5_get_init_creds_opt_set_in_ccache(ctx, opt, in_ccache)); } else { in_ccache = NULL; } if (armor_ccname != NULL) { bail_on_err(ctx, "Error resolving armor ccache", krb5_cc_resolve(ctx, armor_ccname, &armor_ccache)); bail_on_err(ctx, "Error setting fast_ccache option", krb5_get_init_creds_opt_set_fast_ccache(ctx, opt, armor_ccache)); fast_flags = KRB5_FAST_REQUIRED; bail_on_err(ctx, "Error setting option to force use of FAST", krb5_get_init_creds_opt_set_fast_flags(ctx, opt, fast_flags)); } else { armor_ccache = NULL; } bail_on_err(ctx, "Error resolving output (default) ccache", krb5_cc_default(ctx, &out_ccache)); bail_on_err(ctx, "Error setting output ccache option", krb5_get_init_creds_opt_set_out_ccache(ctx, opt, out_ccache)); if (asprintf(&perr, "Error parsing principal name \"%s\"", user) < 0) abort(); bail_on_err(ctx, perr, krb5_parse_name(ctx, user, &client)); ret = krb5_get_init_creds_password(ctx, &creds, client, password, prompter_cb, NULL, 0, NULL, opt); if (ret) { err = krb5_get_error_message(ctx, ret); printf("%s\n", err); krb5_free_error_message(ctx, err); } else { krb5_free_cred_contents(ctx, &creds); } krb5_get_init_creds_opt_free(ctx, opt); krb5_free_principal(ctx, client); krb5_cc_close(ctx, out_ccache); if (armor_ccache != NULL) krb5_cc_close(ctx, armor_ccache); if (in_ccache != NULL) krb5_cc_close(ctx, in_ccache); krb5_free_context(ctx); free(perr); return ret ? (ret - KRB5KDC_ERR_NONE) : 0; }
/* * The default unset code path depends on the underlying ccache implementation * knowing how to remove a credential, which most types don't actually support, * so we have to jump through some hoops to ensure that when we set a value for * a key, it'll be the only value for that key that'll be found later. The * ccache portions of libkrb5 will currently duplicate some of the actual * tickets. */ static void unset_config(krb5_context context, krb5_ccache ccache, krb5_principal server, const char *key) { krb5_ccache tmp1, tmp2; krb5_cc_cursor cursor; krb5_creds mcreds, creds; memset(&mcreds, 0, sizeof(mcreds)); memset(&creds, 0, sizeof(creds)); bail_on_err(context, "Error while deriving configuration principal names", k5_build_conf_principals(context, ccache, server, key, &mcreds)); bail_on_err(context, "Error resolving first in-memory ccache", krb5_cc_resolve(context, "MEMORY:tmp1", &tmp1)); bail_on_err(context, "Error initializing first in-memory ccache", krb5_cc_initialize(context, tmp1, mcreds.client)); bail_on_err(context, "Error resolving second in-memory ccache", krb5_cc_resolve(context, "MEMORY:tmp2", &tmp2)); bail_on_err(context, "Error initializing second in-memory ccache", krb5_cc_initialize(context, tmp2, mcreds.client)); bail_on_err(context, "Error copying credentials to first in-memory ccache", krb5_cc_copy_creds(context, ccache, tmp1)); bail_on_err(context, "Error starting traversal of first in-memory ccache", krb5_cc_start_seq_get(context, tmp1, &cursor)); while (krb5_cc_next_cred(context, tmp1, &cursor, &creds) == 0) { if (!krb5_is_config_principal(context, creds.server) || !krb5_principal_compare(context, mcreds.server, creds.server) || !krb5_principal_compare(context, mcreds.client, creds.client)) { bail_on_err(context, "Error storing non-config item to in-memory ccache", krb5_cc_store_cred(context, tmp2, &creds)); } } bail_on_err(context, "Error ending traversal of first in-memory ccache", krb5_cc_end_seq_get(context, tmp1, &cursor)); bail_on_err(context, "Error clearing ccache", krb5_cc_initialize(context, ccache, mcreds.client)); bail_on_err(context, "Error storing creds to the ccache", krb5_cc_copy_creds(context, tmp2, ccache)); bail_on_err(context, "Error cleaning up first in-memory ccache", krb5_cc_destroy(context, tmp1)); bail_on_err(context, "Error cleaning up second in-memory ccache", krb5_cc_destroy(context, tmp2)); }