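/*
 * Obtain (or refresh if necessary) Kerberos machine credentials.
 *
 * hostname: host the credential is needed for; used to pick a keytab
 *           entry when no ple is supplied.
 * ple:      principal list entry to refresh; when NULL, one is looked up
 *           from the keytab entry found for hostname.
 * service:  service name to try; NULL or "*" selects the default list
 *           ("$", "root", "nfs", "host").
 *
 * Returns 0 on success, EINVAL when both hostname and ple are NULL, and a
 * nonzero error code on every other failure. Callers gate use of the
 * machine credential on this value, so no failure path may return 0.
 */
int gssd_refresh_krb5_machine_credential(char *hostname,
					 struct gssd_k5_kt_princ *ple,
					 char *service)
{
	krb5_error_code code = 0;
	krb5_context context;
	krb5_keytab kt = NULL;
	int retval = 0;
	char *k5err = NULL;
	const char *svcnames[5] = { "$", "root", "nfs", "host", NULL };

	/*
	 * If a specific service name was specified, use it.
	 * Otherwise, use the default list.
	 */
	if (service != NULL && strcmp(service, "*") != 0) {
		svcnames[0] = service;
		svcnames[1] = NULL;
	}

	if (hostname == NULL && ple == NULL)
		return EINVAL;

	code = krb5_init_context(&context);
	if (code) {
		k5err = gssd_k5_err_msg(NULL, code);
		printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
			 __func__, k5err);
		retval = code;
		gsh_free(k5err);
		/* No context exists yet, so skip the context/keytab cleanup. */
		goto out_wo_context;
	}

	code = krb5_kt_resolve(context, keytabfile, &kt);
	if (code != 0) {
		k5err = gssd_k5_err_msg(context, code);
		printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
			 __func__, k5err, keytabfile);
		gsh_free(k5err);
		/*
		 * Propagate the failure: without this the function reported
		 * success even though no keytab was opened.
		 */
		retval = code;
		goto out;
	}

	if (ple == NULL) {
		krb5_keytab_entry kte;

		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
		if (code) {
			printerr(0,
				 "ERROR: %s: no usable keytab entry found "
				 "in keytab %s for connection with host %s\n",
				 __func__, keytabfile, hostname);
			retval = code;
			goto out;
		}

		ple = get_ple_by_princ(context, kte.principal);
		if (ple == NULL) {
			char *pname = NULL;

			/*
			 * kte.principal is read here, so the keytab entry must
			 * still be live: it is released only after the name
			 * has been unparsed and logged.
			 */
			if (krb5_unparse_name(context, kte.principal, &pname))
				pname = NULL;
			printerr(0,
				 "ERROR: %s: Could not locate or create ple struct for principal %s for connection with host %s\n",
				 __func__, pname ? pname : "<unparsable>",
				 hostname);
			if (pname)
				k5_free_unparsed_name(context, pname);
			k5_free_kt_entry(context, &kte);
			/*
			 * NOTE(review): get_ple_by_princ is not visible here;
			 * ENOMEM is used as the nonzero failure code on the
			 * assumption that a failed create is an allocation
			 * failure. Adjust if callers distinguish codes.
			 */
			retval = ENOMEM;
			goto out;
		}
		k5_free_kt_entry(context, &kte);
	}

	retval = gssd_get_single_krb5_cred(context, kt, ple, 0);

out:
	if (kt)
		krb5_kt_close(context, kt);
	krb5_free_context(context);
out_wo_context:
	return retval;
}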
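/*
 * Obtain (or refresh if necessary) Kerberos machine credentials.
 *
 * hostname: host the credential is needed for; used to pick a keytab
 *           entry when no ple is supplied.
 * ple:      principal list entry to refresh; when NULL, one is looked up
 *           from the keytab entry found for hostname.
 *
 * Returns 0 on success, EINVAL when both hostname and ple are NULL, and a
 * nonzero error code on every other failure. Callers gate use of the
 * machine credential on this value, so no failure path may return 0.
 */
int gssd_refresh_krb5_machine_credential(char *hostname,
					 struct gssd_k5_kt_princ *ple)
{
	krb5_error_code code = 0;
	krb5_context context;
	krb5_keytab kt = NULL;
	int retval = 0;
	char *k5err = NULL;

	if (hostname == NULL && ple == NULL)
		return EINVAL;

	code = krb5_init_context(&context);
	if (code) {
		k5err = gssd_k5_err_msg(NULL, code);
		printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
			 __func__, k5err);
		retval = code;
		/*
		 * context was never initialized; passing it to
		 * krb5_free_context() would read an indeterminate pointer.
		 */
		goto out_wo_context;
	}

	code = krb5_kt_resolve(context, keytabfile, &kt);
	if (code) {
		k5err = gssd_k5_err_msg(context, code);
		printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
			 __func__, k5err, keytabfile);
		/*
		 * Propagate the failure: without this the function reported
		 * success even though no keytab was opened.
		 */
		retval = code;
		goto out;
	}

	if (ple == NULL) {
		krb5_keytab_entry kte;

		code = find_keytab_entry(context, kt, hostname, &kte);
		if (code) {
			printerr(0,
				 "ERROR: %s: no usable keytab entry found "
				 "in keytab %s for connection with host %s\n",
				 __func__, keytabfile, hostname);
			retval = code;
			goto out;
		}

		ple = get_ple_by_princ(context, kte.principal);
		if (ple == NULL) {
			char *pname = NULL;

			/*
			 * kte.principal is read here, so the keytab entry must
			 * still be live: it is released only after the name
			 * has been unparsed and logged.
			 */
			if (krb5_unparse_name(context, kte.principal, &pname))
				pname = NULL;
			printerr(0,
				 "ERROR: %s: Could not locate or create "
				 "ple struct for principal %s for connection "
				 "with host %s\n",
				 __func__, pname ? pname : "<unparsable>",
				 hostname);
			if (pname)
				k5_free_unparsed_name(context, pname);
			k5_free_kt_entry(context, &kte);
			/*
			 * NOTE(review): get_ple_by_princ is not visible here;
			 * ENOMEM is used as the nonzero failure code on the
			 * assumption that a failed create is an allocation
			 * failure. Adjust if callers distinguish codes.
			 */
			retval = ENOMEM;
			goto out;
		}
		k5_free_kt_entry(context, &kte);
	}

	retval = gssd_get_single_krb5_cred(context, kt, ple);

out:
	if (kt)
		krb5_kt_close(context, kt);
	krb5_free_context(context);
out_wo_context:
	/* k5err is set on at most one error path; free(NULL) is a no-op. */
	free(k5err);
	return retval;
}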