/*
* Obtain (or refresh if necessary) Kerberos machine credentials
*/
int gssd_refresh_krb5_machine_credential(char *hostname,
struct gssd_k5_kt_princ *ple,
char *service)
{
krb5_error_code code = 0;
krb5_context context;
krb5_keytab kt = NULL;
int retval = 0;
char *k5err = NULL;
const char *svcnames[5] = { "$", "root", "nfs", "host", NULL };
/*
* If a specific service name was specified, use it.
* Otherwise, use the default list.
*/
if (service != NULL && strcmp(service, "*") != 0) {
svcnames[0] = service;
svcnames[1] = NULL;
}
if (hostname == NULL && ple == NULL)
return EINVAL;
code = krb5_init_context(&context);
if (code) {
k5err = gssd_k5_err_msg(NULL, code);
printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
__func__, k5err);
retval = code;
gsh_free(k5err);
goto out_wo_context;
}
code = krb5_kt_resolve(context, keytabfile, &kt);
if (code != 0) {
k5err = gssd_k5_err_msg(context, code);
printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
__func__, k5err, keytabfile);
gsh_free(k5err);
goto out;
}
if (ple == NULL) {
krb5_keytab_entry kte;
code = find_keytab_entry(context, kt, hostname, &kte,
svcnames);
if (code) {
printerr(0,
"ERROR: %s: no usable keytab entry found "
"in keytab %s for connection with host %s\n",
__func__, keytabfile, hostname);
retval = code;
goto out;
}
ple = get_ple_by_princ(context, kte.principal);
k5_free_kt_entry(context, &kte);
if (ple == NULL) {
char *pname;
if ((krb5_unparse_name(context, kte.principal,
&pname))) {
pname = NULL;
}
printerr(0,
"ERROR: %s: Could not locate or create ple struct for principal %s for connection with host %s\n",
__func__,
pname ? pname : "<unparsable>", hostname);
if (pname)
k5_free_unparsed_name(context, pname);
goto out;
}
}
retval = gssd_get_single_krb5_cred(context, kt, ple, 0);
out:
if (kt)
krb5_kt_close(context, kt);
krb5_free_context(context);
out_wo_context:
return retval;
}
/*
* Obtain (or refresh if necessary) Kerberos machine credentials
*/
int
gssd_refresh_krb5_machine_credential(char *hostname,
struct gssd_k5_kt_princ *ple)
{
krb5_error_code code = 0;
krb5_context context;
krb5_keytab kt = NULL;;
int retval = 0;
char *k5err = NULL;
if (hostname == NULL && ple == NULL)
return EINVAL;
code = krb5_init_context(&context);
if (code) {
k5err = gssd_k5_err_msg(NULL, code);
printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
__func__, k5err);
retval = code;
goto out;
}
if ((code = krb5_kt_resolve(context, keytabfile, &kt))) {
k5err = gssd_k5_err_msg(context, code);
printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
__func__, k5err, keytabfile);
goto out;
}
if (ple == NULL) {
krb5_keytab_entry kte;
code = find_keytab_entry(context, kt, hostname, &kte);
if (code) {
printerr(0, "ERROR: %s: no usable keytab entry found "
"in keytab %s for connection with host %s\n",
__FUNCTION__, keytabfile, hostname);
retval = code;
goto out;
}
ple = get_ple_by_princ(context, kte.principal);
k5_free_kt_entry(context, &kte);
if (ple == NULL) {
char *pname;
if ((krb5_unparse_name(context, kte.principal, &pname))) {
pname = NULL;
}
printerr(0, "ERROR: %s: Could not locate or create "
"ple struct for principal %s for connection "
"with host %s\n",
__FUNCTION__, pname ? pname : "<unparsable>",
hostname);
if (pname) k5_free_unparsed_name(context, pname);
goto out;
}
}
retval = gssd_get_single_krb5_cred(context, kt, ple);
out:
if (kt)
krb5_kt_close(context, kt);
krb5_free_context(context);
free(k5err);
return retval;
}
