kadm5_ret_t kadm5_s_get_principals(void *server_handle, const char *expression, char ***princs, int *count) { struct foreach_data d; kadm5_server_context *context = server_handle; kadm5_ret_t ret; ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) { krb5_warn(context->context, ret, "opening database"); return ret; } d.exp = expression; { krb5_realm r; krb5_get_default_realm(context->context, &r); asprintf(&d.exp2, "%s@%s", expression, r); free(r); } d.princs = NULL; d.count = 0; ret = hdb_foreach(context->context, context->db, HDB_F_ADMIN_DATA, foreach, &d); context->db->hdb_close(context->context, context->db); if(ret == 0) ret = add_princ(&d, NULL); if(ret == 0){ *princs = d.princs; *count = d.count - 1; }else kadm5_free_name_list(context, d.princs, &d.count); free(d.exp2); return _kadm5_error_code(ret); }
/* * Function: kdb_init_hist * * Purpose: Initializes the hist_princ variable. * * Arguments: * * handle (r) kadm5 api server handle * r (r) realm of history principal to use, or NULL * * Effects: This function sets the value of the hist_princ global variable. */ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r) { int ret = 0; char *realm, *hist_name; if (r == NULL) { if ((ret = krb5_get_default_realm(handle->context, &realm))) return ret; } else { realm = r; } if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) { hist_name = NULL; goto done; } if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ))) goto done; done: free(hist_name); if (r == NULL) free(realm); return ret; }
static int get_lrealm(char *r, int n) { krb5_error_code ret; krb5_context context; krb5_realm realm; if (n != 1) return KFAILURE; ret = krb5_init_context(&context); if (ret) return KFAILURE; ret = krb5_get_default_realm(context, &realm); if (ret) { krb5_free_context(context); return KFAILURE; } strlcpy(r, realm, REALM_SZ); free(realm); krb5_free_context(context); return KSUCCESS; }
static realm_type default_realm(krb5_context ctx) { char *realm = NULL; krb5_error_code code; krb5_data *realm_data; realm_data = calloc(1, sizeof(krb5_data)); if (realm_data == NULL) return NULL; code = krb5_get_default_realm(ctx, &realm); if (code != 0) { free(realm); return NULL; } realm_data->magic = KV5M_DATA; realm_data->data = strdup(realm); if (realm_data->data == NULL) { free(realm_data); krb5_free_default_realm(ctx, realm); return NULL; } realm_data->length = strlen(realm); krb5_free_default_realm(ctx, realm); return realm_data; }
/* * Find the realm for given hostname */ int do_realm(char *hostname) { krb5_error_code retval; char **realm; if (hostname) { retval = krb5_get_host_realm(ctx, hostname, &realm); if (retval) { com_err(progname, retval, "while obtaining realm for %s", hostname); exit(1); } printf("%s\n", *realm); krb5_free_host_realm(ctx, realm); } else { realm = malloc(sizeof(realm)); retval = krb5_get_default_realm(ctx, realm); if (retval) { com_err(progname, retval, "while obtaining default realm"); exit(1); } printf("%s\n", *realm); krb5_free_default_realm(ctx, *realm); free(realm); } return 0; }
/* * call-seq: * get_default_realm -> string * * Call krb5_get_default_realm() to get the default realm. Returns the default realm on success, raises Krb5Auth::Krb5::Exception on failure. */ static VALUE Krb5_get_default_realm(VALUE self) { struct ruby_krb5 *kerb; char *realm; VALUE result; krb5_error_code krbret; Data_Get_Struct(self, struct ruby_krb5, kerb); if (!kerb) { NOSTRUCT_EXCEPT(); return Qfalse; } krbret = krb5_get_default_realm(kerb->ctx, &realm); if (krbret) { Krb5_register_error(krbret); return Qnil; } result = rb_str_new2(realm); free(realm); return result; }
krb5_error_code KRB5_CALLCONV krb5_parse_name_flags(krb5_context context, const char *name, int flags, krb5_principal *principal_out) { krb5_error_code ret; krb5_principal princ = NULL; char *default_realm; krb5_boolean has_realm; krb5_boolean enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE); krb5_boolean require_realm = (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM); krb5_boolean no_realm = (flags & KRB5_PRINCIPAL_PARSE_NO_REALM); krb5_boolean ignore_realm = (flags & KRB5_PRINCIPAL_PARSE_IGNORE_REALM); *principal_out = NULL; ret = allocate_princ(context, name, enterprise, &princ, &has_realm); if (ret) goto cleanup; parse_name_into_princ(name, enterprise, princ); /* * If a realm was not found, then use the default realm, unless * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the * realm will be empty. */ if (!has_realm) { if (require_realm) { ret = KRB5_PARSE_MALFORMED; krb5_set_error_message(context, ret, _("Principal %s is missing required realm"), name); goto cleanup; } if (!no_realm && !ignore_realm) { ret = krb5_get_default_realm(context, &default_realm); if (ret) goto cleanup; princ->realm = string2data(default_realm); } } else if (no_realm) { ret = KRB5_PARSE_MALFORMED; krb5_set_error_message(context, ret, _("Principal %s has realm present"), name); goto cleanup; } else if (ignore_realm) { krb5_free_data_contents(context, &princ->realm); princ->realm = empty_data(); } princ->type = (enterprise) ? KRB5_NT_ENTERPRISE_PRINCIPAL : KRB5_NT_PRINCIPAL; princ->magic = KV5M_PRINCIPAL; *principal_out = princ; princ = NULL; cleanup: krb5_free_principal(context, princ); return ret; }
/* * Create, initialize, and add a new ple structure to the global list */ static struct gssd_k5_kt_princ * new_ple(krb5_context context, krb5_principal princ) { struct gssd_k5_kt_princ *ple = NULL, *p; krb5_error_code code; char *default_realm; int is_default_realm = 0; ple = malloc(sizeof(struct gssd_k5_kt_princ)); if (ple == NULL) goto outerr; memset(ple, 0, sizeof(*ple)); #ifdef HAVE_KRB5 ple->realm = strndup(princ->realm.data, princ->realm.length); #else ple->realm = strdup(princ->realm); #endif if (ple->realm == NULL) goto outerr; code = krb5_copy_principal(context, princ, &ple->princ); if (code) goto outerr; /* * Add new entry onto the list (if this is the default * realm, always add to the front of the list) */ code = krb5_get_default_realm(context, &default_realm); if (code == 0) { if (strcmp(ple->realm, default_realm) == 0) is_default_realm = 1; k5_free_default_realm(context, default_realm); } if (is_default_realm) { ple->next = gssd_k5_kt_princ_list; gssd_k5_kt_princ_list = ple; } else { p = gssd_k5_kt_princ_list; while (p != NULL && p->next != NULL) p = p->next; if (p == NULL) gssd_k5_kt_princ_list = ple; else p->next = ple; } return ple; outerr: if (ple) { if (ple->realm) free(ple->realm); free(ple); } return NULL; }
int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; krb5_realm realm; int optind = 0; char *user; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); if (help_flag) usage (0); if(version_flag){ print_version(NULL); exit(0); } argc -= optind; argv += optind; if (argc != 1) errx(1, "first argument should be a local user that in root .k5login"); user = argv[0]; ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); ret = krb5_get_default_realm(context, &realm); if (ret) krb5_err(context, 1, ret, "krb5_get_default_realm"); test_alname(context, realm, user, NULL, user, 1); test_alname(context, realm, user, "root", "root", 1); test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0); test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0); test_alname(context, realm, user, NULL, "not-same-as-user", 0); test_alname(context, realm, user, "root", "not-same-as-user", 0); test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, "not-same-as-user", 0); test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "not-same-as-user", 0); krb5_free_context(context); return 0; }
static isc_result_t check_credentials(krb5_context context, krb5_ccache ccache, krb5_principal service) { char *realm = NULL; krb5_creds creds; krb5_creds mcreds; krb5_error_code krberr; krb5_timestamp now; isc_result_t result = ISC_R_FAILURE; memset(&mcreds, 0, sizeof(mcreds)); memset(&creds, 0, sizeof(creds)); krberr = krb5_get_default_realm(context, &realm); CHECK_KRB5(context, krberr, "Failed to retrieve default realm"); krberr = krb5_build_principal(context, &mcreds.server, strlen(realm), realm, "krbtgt", realm, NULL); CHECK_KRB5(context, krberr, "Failed to build 'krbtgt/REALM' principal"); mcreds.client = service; krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcreds, &creds); if (krberr) { const char * errmsg = krb5_get_error_message(context, krberr); log_error("Credentials are not present in cache (%s)\n", errmsg); krb5_free_error_message(context, errmsg); result = ISC_R_FAILURE; goto cleanup; } CHECK_KRB5(context, krberr, "Credentials are not present in cache "); krberr = krb5_timeofday(context, &now); CHECK_KRB5(context, krberr, "Failed to get time of day"); if (now > (creds.times.endtime + KRB_MIN_TIME)) { log_error("Credentials cache expired"); result = ISC_R_FAILURE; goto cleanup; } else { char buf[255]; char fill = ' '; krb5_timestamp_to_sfstring(creds.times.endtime, buf, 16, &fill); log_info("Credentials valid til %s\n", buf); } result = ISC_R_SUCCESS; cleanup: krb5_free_cred_contents(context, &creds); if (mcreds.server) krb5_free_principal(context, mcreds.server); if (realm) krb5_free_default_realm(context, realm); return result; }
static char * get_default_realm(krb5_context context) { char *realm; krb5_error_code ret; if ((ret = krb5_get_default_realm(context, &realm)) != 0) krb5_err(context, 1, ret, "krb5_get_default_realm"); return realm; }
static realm_type default_realm(krb5_context ctx) { krb5_error_code code; realm_type realm; code = krb5_get_default_realm(ctx, &realm); if (code != 0) realm = NULL; return realm; }
krb5_error_code kdb_init_master(kadm5_server_handle_t handle, char *r, int from_keyboard) { int ret = 0; char *realm; krb5_boolean from_kbd = FALSE; krb5_kvno mkvno = IGNORE_VNO; if (from_keyboard) from_kbd = TRUE; if (r == NULL) { if ((ret = krb5_get_default_realm(handle->context, &realm))) return ret; } else { realm = r; } if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) goto done; master_keyblock.enctype = handle->params.enctype; /* * Fetch the local mkey, may not be the latest but that's okay because we * really want the list of all mkeys and those can be retrieved with any * valid mkey. */ ret = krb5_db_fetch_mkey(handle->context, master_princ, master_keyblock.enctype, from_kbd, FALSE /* only prompt once */, handle->params.stash_file, &mkvno /* get the kvno of the returned mkey */, NULL /* I'm not sure about this, but it's what the kdc does --marc */, &master_keyblock); if (ret) goto done; if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ, &master_keyblock))) { krb5_db_fini(handle->context); return (ret); } done: if (r == NULL) free(realm); return(ret); }
static krb5_error_code unparse_name_fixed(krb5_context context, krb5_const_principal principal, char *name, size_t len, int flags) { size_t idx = 0; int i; int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0; int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; if (!no_realm && princ_realm(principal) == NULL) { krb5_set_error_message(context, ERANGE, N_("Realm missing from principal, " "can't unparse", "")); return ERANGE; } for(i = 0; i < princ_num_comp(principal); i++){ if(i) add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { krb5_set_error_message(context, ERANGE, N_("Out of space printing principal", "")); return ERANGE; } } /* add realm if different from default realm */ if(short_form && !no_realm) { krb5_realm r; krb5_error_code ret; ret = krb5_get_default_realm(context, &r); if(ret) return ret; if(strcmp(princ_realm(principal), r) != 0) short_form = 0; free(r); } if(!short_form && !no_realm) { add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { krb5_set_error_message(context, ERANGE, N_("Out of space printing " "realm of principal", "")); return ERANGE; } } return 0; }
/* * Return default Kerberos realm */ void gssd_k5_get_default_realm(char **def_realm) { krb5_context context; if (krb5_init_context(&context)) return; krb5_get_default_realm(context, def_realm); krb5_free_context(context); }
/* * Find the admin server for the given realm. If the realm is null or * the empty string, find the admin server for the default realm. * Returns 0 on succsess (KADM5_OK). It is the callers responsibility to * free the storage allocated to the admin server, master. */ kadm5_ret_t kadm5_get_master(krb5_context context, const char *realm, char **master) { /* Solaris Kerberos */ char *def_realm = NULL; char *delim; #ifdef KRB5_DNS_LOOKUP struct sockaddr *addrs; int naddrs; unsigned short dns_portno; char dns_host[MAX_DNS_NAMELEN]; krb5_data dns_realm; krb5_error_code dns_ret = 1; #endif /* KRB5_DNS_LOOKUP */ if (realm == 0 || *realm == '\0') krb5_get_default_realm(context, &def_realm); (void) profile_get_string(context->profile, "realms", realm ? realm : def_realm, KADM5_MASTER, 0, master); if ((*master != NULL) && ((delim = strchr(*master, ':')) != NULL)) *delim = '\0'; #ifdef KRB5_DNS_LOOKUP if (*master == NULL) { /* * Initialize realm info for (possible) DNS lookups. */ dns_realm.data = strdup(realm ? realm : def_realm); dns_realm.length = strlen(realm ? realm : def_realm); dns_realm.magic = 0; dns_ret = krb5_get_servername(context, &dns_realm, "_kerberos-adm", "_udp", dns_host, &dns_portno); if (dns_ret == 0) *master = strdup(dns_host); if (dns_realm.data) free(dns_realm.data); } #endif /* KRB5_DNS_LOOKUP */ /* Solaris Kerberos */ if (def_realm != NULL) krb5_free_default_realm(context, def_realm); return (*master ? KADM5_OK : KADM5_NO_SRV); }
int krealm_init(struct rekey_session *sess) { int rc; char *realm=NULL; if (sess->realm) { return 0; } rc=krb5_get_default_realm(sess->kctx, &realm); if (rc) { prtmsg("Unable to get default realm: %s", krb5_get_err_text(sess->kctx, rc)); return rc; } sess->realm = realm; return 0; }
static void test_get_default_realm(krb5_context ctx) { char *realm; krb5_error_code retval; retval = krb5_get_default_realm(ctx, &realm); if (retval) { com_err("krb5_get_default_realm", retval, 0); return; } printf("krb5_get_default_realm() returned '%s'\n", realm); free(realm); }
krb5_error_code kdb_init_master(kadm5_server_handle_t handle, char *r, int from_keyboard) { int ret = 0; char *realm; krb5_boolean from_kbd = FALSE; if (from_keyboard) from_kbd = TRUE; if (r == NULL) { if ((ret = krb5_get_default_realm(handle->context, &realm))) return ret; } else { realm = r; } if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) goto done; /* Solaris Kerberos */ #if 0 master_keyblock.enctype = handle->params.enctype; #endif /* Solaris Kerberos */ ret = krb5_db_fetch_mkey(handle->context, master_princ, handle->params.enctype, from_kbd, FALSE /* only prompt once */, handle->params.stash_file, NULL /* I'm not sure about this, but it's what the kdc does --marc */, &handle->master_keyblock); if (ret) goto done; /* Solaris Kerberos */ if ((ret = krb5_db_verify_master_key(handle->context, master_princ, &handle->master_keyblock))) { krb5_db_fini(handle->context); return ret; } done: if (r == NULL) free(realm); return(ret); }
/* * call-seq: * krb.get_default_realm # => 'YOUR.REALM.COM' * * Returns the default Kerberos realm on your system. */ static VALUE rkrb5_get_default_realm(VALUE self){ RUBY_KRB5* ptr; char* realm; krb5_error_code kerror; Data_Get_Struct(self, RUBY_KRB5, ptr); kerror = krb5_get_default_realm(ptr->ctx, &realm); if(kerror) rb_raise(cKrb5Exception, "krb5_get_default_realm: %s", error_message(kerror)); return rb_str_new2(realm); }
/* * Function: Intialize name fields in the Kerberos dialog. * * Parameters: * hwnd - the window recieving the message. * * fullname - the full kerberos name to initialize with */ void kwin_init_name(HWND hwnd, char *fullname) { char name[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; int krc; #ifdef KRB5 krb5_error_code code; char *ptr; #endif if (fullname == NULL || fullname[0] == 0) { #ifdef KRB4 strcpy(name, krb_get_default_user()); strcpy(instance, cns_res.instance); krc = krb_get_lrealm(realm, 1); if (krc != KSUCCESS) realm[0] = 0; strcpy(realm, cns_res.realm); #endif /* KRB4 */ #ifdef KRB5 strcpy(name, cns_res.name); *realm = '\0'; code = krb5_get_default_realm(k5_context, &ptr); if (!code) { strcpy(realm, ptr); /* free(ptr); XXX */ } strcpy(realm, cns_res.realm); #endif /* KRB5 */ } else { #ifdef KRB4 kname_parse(name, instance, realm, fullname); SetDlgItemText(hwnd, IDD_LOGIN_INSTANCE, instance); #endif #ifdef KRB5 krc = k5_kname_parse(name, realm, fullname); *instance = '\0'; #endif } SetDlgItemText(hwnd, IDD_LOGIN_NAME, name); SetDlgItemText(hwnd, IDD_LOGIN_REALM, realm); }
/** * Get the default realm for this host. */ static PyObject *get_default_realm(PyObject *self) { char *realm = NULL; PyObject *pyrealm = NULL; krb5_error_code retval; retval = krb5_get_default_realm(module_context, &realm); if (retval) return python_krb5_error(retval); pyrealm = PyString_FromString(realm); free(realm); return pyrealm; }
static struct rekey_session *setup_session(void) { struct rekey_session *sess; if (!(sess = calloc(1, sizeof(struct rekey_session)))) fatal("Out of memory!"); if (krb5_init_context(&sess->kctx)) fatal("krb5_init_context failed"); if (krb5_get_default_realm(sess->kctx, &sess->realm)) fatal("krb5_get_default_realm failed"); return sess; }
/* * Given a remctl object, the Kerberos context, the type for the wallet * interface, and a file name of a keytab, iterate through every existing * principal in the keytab in the local realm, get fresh keys for those * principals, and save the old and new keys to that file. Returns true on * success and false on partial failure to retrieve all the keys. */ bool rekey_keytab(struct remctl *r, krb5_context ctx, const char *type, const char *file) { char *realm = NULL; char *data = NULL; char *tempfile; size_t length = 0; int status; bool error = false, rekeyed = false; struct principal_name *names, *current; xasprintf(&tempfile, "%s.new", file); krb5_get_default_realm(ctx, &realm); names = keytab_principals(ctx, file, realm); for (current = names; current != NULL; current = current->next) { status = download_keytab(r, type, current->princ, &data, &length); if (status != 0) { warn("error rekeying for principal %s", current->princ); error = true; continue; } write_file(tempfile, data, length); rekeyed = true; /* * Now merge the original keytab file with the one containing the new * keys from the rekeying of this principal. */ if (access(file, F_OK) != 0) { if (link(tempfile, file) < 0) sysdie("rename of temporary keytab %s to %s failed", tempfile, file); } else { merge_keytab(ctx, tempfile, file); if (unlink(tempfile) < 0) syswarn("unlink of temporary keytab file %s failed", tempfile); } } /* If no new keytab data, then leave the keytab as-is. */ if (!rekeyed) die("no rekeyable principals found"); free(tempfile); return !error; }
kadm5_ret_t _kadm5_s_init_context(kadm5_server_context **ctx, kadm5_config_params *params, krb5_context context) { *ctx = malloc(sizeof(**ctx)); if(*ctx == NULL) return ENOMEM; memset(*ctx, 0, sizeof(**ctx)); set_funcs(*ctx); (*ctx)->context = context; krb5_add_et_list (context, initialize_kadm5_error_table_r); #define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M) if(is_set(REALM)) (*ctx)->config.realm = strdup(params->realm); else krb5_get_default_realm(context, &(*ctx)->config.realm); if(is_set(DBNAME)) (*ctx)->config.dbname = strdup(params->dbname); if(is_set(ACL_FILE)) (*ctx)->config.acl_file = strdup(params->acl_file); if(is_set(STASH_FILE)) (*ctx)->config.stash_file = strdup(params->stash_file); find_db_spec(*ctx); /* PROFILE can't be specified for now */ /* KADMIND_PORT is supposed to be used on the server also, but this doesn't make sense */ /* ADMIN_SERVER is client only */ /* ADNAME is not used at all (as far as I can tell) */ /* ADB_LOCKFILE ditto */ /* DICT_FILE */ /* ADMIN_KEYTAB */ /* MKEY_FROM_KEYBOARD is not supported */ /* MKEY_NAME neither */ /* ENCTYPE */ /* MAX_LIFE */ /* MAX_RLIFE */ /* EXPIRATION */ /* FLAGS */ /* ENCTYPES */ return 0; }
krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realms_out) { krb5_error_code ret; struct hostrealm_module_handle **hp; char **realms, *defrealm, *host, cleanname[1024]; *realms_out = NULL; /* Convert hdata into a string and clean it. */ host = k5memdup0(hdata->data, hdata->length, &ret); if (host == NULL) return ret; ret = k5_clean_hostname(context, host, cleanname, sizeof(cleanname)); free(host); if (ret) return ret; if (context->hostrealm_handles == NULL) { ret = load_hostrealm_modules(context); if (ret) return ret; } /* Give each module a chance to determine the fallback realms. */ for (hp = context->hostrealm_handles; *hp != NULL; hp++) { ret = fallback_realm(context, *hp, cleanname, &realms); if (ret == 0) { ret = copy_list(realms, realms_out); free_list(context, *hp, realms); return ret; } else if (ret != KRB5_PLUGIN_NO_HANDLE) { return ret; } } /* Return a list containing the default realm. */ ret = krb5_get_default_realm(context, &defrealm); if (ret) return ret; ret = k5_make_realmlist(defrealm, realms_out); krb5_free_default_realm(context, defrealm); return ret; }
krb5_error_code kdb_init_master(kadm5_server_handle_t handle, char *r, int from_keyboard) { int ret = 0; char *realm; krb5_keyblock tmk; if (r == NULL) { if ((ret = krb5_get_default_realm(handle->context, &realm))) return ret; } else { realm = r; } if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) goto done; if (ret = krb5_db_fetch_mkey(handle->context, master_princ, handle->params.enctype, from_keyboard, FALSE /* only prompt once */, handle->params.stash_file, NULL /* I'm not sure about this, but it's what the kdc does --marc */, &handle->master_keyblock)) goto done; if ((ret = krb5_db_init(handle->context)) != KSUCCESS) goto done; if ((ret = krb5_db_verify_master_key(handle->context, master_princ, &handle->master_keyblock))) { krb5_db_fini(handle->context); return ret; } done: if (r == NULL) free(realm); return(ret); }
/* * Test whether anonymous authentication works. If this doesn't, we need to * skip the tests of anonymous FAST. */ static bool anon_fast_works(void) { krb5_context ctx; krb5_error_code retval; krb5_principal princ = NULL; char *realm; krb5_creds creds; krb5_get_init_creds_opt *opts = NULL; /* Construct the anonymous principal name. */ retval = krb5_init_context(&ctx); if (retval != 0) bail("cannot initialize Kerberos"); retval = krb5_get_default_realm(ctx, &realm); if (retval != 0) bail("cannot get default realm"); retval = krb5_build_principal_ext(ctx, &princ, strlen(realm), realm, strlen(KRB5_WELLKNOWN_NAME), KRB5_WELLKNOWN_NAME, strlen(KRB5_ANON_NAME), KRB5_ANON_NAME, NULL); if (retval != 0) bail("cannot construct anonymous principal"); krb5_free_default_realm(ctx, realm); /* Obtain the credentials. */ memset(&creds, 0, sizeof(creds)); retval = krb5_get_init_creds_opt_alloc(ctx, &opts); if (retval != 0) bail("cannot create credential options"); krb5_get_init_creds_opt_set_anonymous(opts, 1); krb5_get_init_creds_opt_set_tkt_life(opts, 60); retval = krb5_get_init_creds_password(ctx, &creds, princ, NULL, NULL, NULL, 0, NULL, opts); /* Clean up. */ if (princ != NULL) krb5_free_principal(ctx, princ); if (opts != NULL) krb5_get_init_creds_opt_free(ctx, opts); krb5_free_cred_contents(ctx, &creds); return (retval == 0); }
DWORD LwKrb5GetDefaultRealm( PSTR* ppszRealm ) { DWORD dwError = 0; krb5_context ctx = NULL; PSTR pszKrb5Realm = NULL; PSTR pszRealm = NULL; krb5_init_context(&ctx); krb5_get_default_realm(ctx, &pszKrb5Realm); if (LW_IS_NULL_OR_EMPTY_STR(pszKrb5Realm)) { dwError = LW_ERROR_NO_DEFAULT_REALM; BAIL_ON_LW_ERROR(dwError); } dwError = LwAllocateString(pszKrb5Realm, &pszRealm); BAIL_ON_LW_ERROR(dwError); *ppszRealm = pszRealm; cleanup: if (pszKrb5Realm) { krb5_free_default_realm(ctx, pszKrb5Realm); } krb5_free_context(ctx); return(dwError); error: *ppszRealm = NULL; LW_SAFE_FREE_STRING(pszRealm); goto cleanup; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal(krb5_context context, krb5_principal *principal, krb5_const_realm realm, ...) { krb5_error_code ret; krb5_realm r = NULL; va_list ap; if(realm == NULL) { ret = krb5_get_default_realm(context, &r); if(ret) return ret; realm = r; } va_start(ap, realm); ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); va_end(ap); if(r) free(r); return ret; }