KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_tkt_with_password (krb5_context context,
krb5_flags options,
krb5_addresses *addrs,
const krb5_enctype *etypes,
const krb5_preauthtype *pre_auth_types,
const char *password,
krb5_ccache ccache,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
{
return krb5_get_in_tkt (context,
options,
addrs,
etypes,
pre_auth_types,
krb5_password_key_proc,
password,
NULL,
NULL,
creds,
ccache,
ret_as_reply);
}
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_in_tkt_with_keytab (krb5_context context,
krb5_flags options,
krb5_addresses *addrs,
const krb5_enctype *etypes,
const krb5_preauthtype *pre_auth_types,
krb5_keytab keytab,
krb5_ccache ccache,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
{
krb5_keytab_key_proc_args a;
a.principal = creds->client;
a.keytab = keytab;
return krb5_get_in_tkt (context,
options,
addrs,
etypes,
pre_auth_types,
krb5_keytab_key_proc,
&a,
NULL,
NULL,
creds,
ccache,
ret_as_reply);
}
krb5_error_code KRB5_LIB_FUNCTION
krb5_get_in_tkt_with_skey (krb5_context context,
krb5_flags options,
krb5_addresses *addrs,
const krb5_enctype *etypes,
const krb5_preauthtype *pre_auth_types,
const krb5_keyblock *key,
krb5_ccache ccache,
krb5_creds *creds,
krb5_kdc_rep *ret_as_reply)
{
if(key == NULL)
return krb5_get_in_tkt_with_keytab (context,
options,
addrs,
etypes,
pre_auth_types,
NULL,
ccache,
creds,
ret_as_reply);
else
return krb5_get_in_tkt (context,
options,
addrs,
etypes,
pre_auth_types,
krb5_skey_key_proc,
key,
NULL,
NULL,
creds,
ccache,
ret_as_reply);
}
static krb5_error_code
get_salt_and_kvno(krb5_context context,
kcm_ccache ccache,
krb5_enctype *etypes,
char *cpn,
char *newpw,
krb5_salt *salt,
unsigned *kvno)
{
krb5_error_code ret;
krb5_creds creds;
krb5_ccache_data ccdata;
krb5_flags options = 0;
krb5_kdc_rep reply;
struct kcm_keyseed_data s;
memset(&creds, 0, sizeof(creds));
memset(&reply, 0, sizeof(reply));
s.password = NULL;
s.salt.salttype = (int)ETYPE_NULL;
krb5_data_zero(&s.salt.saltvalue);
*kvno = 0;
kcm_internal_ccache(context, ccache, &ccdata);
s.password = newpw;
/* Do an AS-REQ to determine salt and key version number */
ret = krb5_copy_principal(context, ccache->client, &creds.client);
if (ret)
return ret;
/* Yes, get a ticket to ourselves */
ret = krb5_copy_principal(context, ccache->client, &creds.server);
if (ret) {
krb5_free_principal(context, creds.client);
return ret;
}
ret = krb5_get_in_tkt(context,
options,
NULL,
etypes,
NULL,
kcm_password_key_proc,
&s,
NULL,
NULL,
&creds,
&ccdata,
&reply);
if (ret) {
kcm_log(0, "Failed to get self ticket for principal %s: %s",
cpn, krb5_get_err_text(context, ret));
krb5_free_salt(context, s.salt);
} else {
*salt = s.salt; /* retrieve stashed salt */
if (reply.kdc_rep.enc_part.kvno != NULL)
*kvno = *(reply.kdc_rep.enc_part.kvno);
}
/* ccache may have been modified but it will get trashed anyway */
krb5_free_cred_contents(context, &creds);
krb5_free_kdc_rep(context, &reply);
return ret;
}
