KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_credentials(krb5_context context,
krb5_flags options,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_creds **out_creds)
{
krb5_kdc_flags flags;
flags.i = 0;
return krb5_get_credentials_with_flags(context, options, flags,
ccache, in_creds, out_creds);
}
/*
* Request:
* NameZ
* ServerPrincipal
* KDCFlags
* EncryptionType
*
* Repsonse:
*
*/
static krb5_error_code
kcm_op_get_ticket(krb5_context context,
kcm_client *client,
kcm_operation opcode,
krb5_storage *request,
krb5_storage *response)
{
krb5_error_code ret;
kcm_ccache ccache;
char *name;
krb5_principal server = NULL;
krb5_ccache_data ccdata;
krb5_creds in, *out;
krb5_kdc_flags flags;
memset(&in, 0, sizeof(in));
ret = krb5_ret_stringz(request, &name);
if (ret)
return ret;
KCM_LOG_REQUEST_NAME(context, client, opcode, name);
ret = krb5_ret_uint32(request, &flags.i);
if (ret) {
free(name);
return ret;
}
ret = krb5_ret_int32(request, &in.session.keytype);
if (ret) {
free(name);
return ret;
}
ret = krb5_ret_principal(request, &server);
if (ret) {
free(name);
return ret;
}
ret = kcm_ccache_resolve_client(context, client, opcode,
name, &ccache);
if (ret) {
krb5_free_principal(context, server);
free(name);
return ret;
}
HEIMDAL_MUTEX_lock(&ccache->mutex);
/* Fake up an internal ccache */
kcm_internal_ccache(context, ccache, &ccdata);
in.client = ccache->client;
in.server = server;
in.times.endtime = 0;
/* glue cc layer will store creds */
ret = krb5_get_credentials_with_flags(context, 0, flags,
&ccdata, &in, &out);
HEIMDAL_MUTEX_unlock(&ccache->mutex);
krb5_free_principal(context, server);
if (ret == 0)
krb5_free_cred_contents(context, out);
kcm_release_ccache(context, ccache);
free(name);
return ret;
}
static krb5_error_code
get_cache_principal(krb5_context context,
krb5_ccache *id,
krb5_principal *client)
{
krb5_error_code ret;
const char *name, *inst;
krb5_principal p1, p2;
ret = krb5_cc_default(context, id);
if(ret) {
*id = NULL;
return ret;
}
ret = krb5_cc_get_principal(context, *id, &p1);
if(ret) {
krb5_cc_close(context, *id);
*id = NULL;
return ret;
}
ret = krb5_make_principal(context, &p2, NULL,
"kadmin", "admin", NULL);
if (ret) {
krb5_cc_close(context, *id);
*id = NULL;
krb5_free_principal(context, p1);
return ret;
}
{
krb5_creds in, *out;
krb5_kdc_flags flags;
flags.i = 0;
memset(&in, 0, sizeof(in));
in.client = p1;
in.server = p2;
/* check for initial ticket kadmin/admin */
ret = krb5_get_credentials_with_flags(context, KRB5_GC_CACHED, flags,
*id, &in, &out);
krb5_free_principal(context, p2);
if (ret == 0) {
if (out->flags.b.initial) {
*client = p1;
krb5_free_creds(context, out);
return 0;
}
krb5_free_creds(context, out);
}
}
krb5_cc_close(context, *id);
*id = NULL;
name = krb5_principal_get_comp_string(context, p1, 0);
inst = krb5_principal_get_comp_string(context, p1, 1);
if(inst == NULL || strcmp(inst, "admin") != 0) {
ret = krb5_make_principal(context, &p2, NULL, name, "admin", NULL);
krb5_free_principal(context, p1);
if(ret != 0)
return ret;
*client = p2;
return 0;
}
*client = p1;
return 0;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_ccache cache;
krb5_creds in, *out;
krb5_kdc_flags flags;
int optind = 0;
flags.i = 0;
ret = krb5_init_context (&context);
if (ret)
errx(1, "krb5_init_context failed: %d", ret);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1);
if (help_flag)
usage (0);
if(version_flag) {
print_version(NULL);
exit(0);
}
argc -= optind;
argv += optind;
if (argc != 1)
usage (1);
ret = krb5_cc_default(context, &cache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_default");
if(cache_str) {
ret = krb5_cc_resolve(context, cache_str, &cache);
if (ret)
krb5_err (context, 1, ret, "%s", cache_str);
} else {
ret = krb5_cc_default (context, &cache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_resolve");
}
memset(&in, 0, sizeof(in));
if (etype_str) {
krb5_enctype enctype;
ret = krb5_string_to_enctype(context, etype_str, &enctype);
if (ret)
krb5_errx (context, 1, "unrecognized enctype: %s", etype_str);
in.session.keytype = enctype;
}
ret = krb5_cc_get_principal(context, cache, &in.client);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_principal");
ret = krb5_parse_name(context, argv[0], &in.server);
if (ret)
krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]);
if (!transit_check)
flags.b.disable_transited_check = 1;
if (canonicalize)
flags.b.canonicalize = 1;
in.times.endtime = 0;
ret = krb5_get_credentials_with_flags(context, 0, flags, cache, &in, &out);
if (ret)
krb5_err (context, 1, ret, "krb5_get_credentials");
krb5_free_cred_contents(context, out);
return 0;
}
