static void test_int32(krb5_context context, krb5_storage *sp) { krb5_error_code ret; int i; int32_t val[] = { 0, 1, -1, 2147483647, -2147483646 }, v; krb5_storage_truncate(sp, 0); for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_int32(sp, val[i]); if (ret) krb5_err(context, 1, ret, "krb5_store_int32"); krb5_storage_seek(sp, 0, SEEK_SET); ret = krb5_ret_int32(sp, &v); if (ret) krb5_err(context, 1, ret, "krb5_ret_int32"); if (v != val[i]) krb5_errx(context, 1, "store and ret mismatch"); } }
static void send_im_here (krb5_context context, int fd, krb5_auth_context auth_context) { krb5_storage *sp; krb5_data data; int ret; ret = krb5_data_alloc (&data, 4); if (ret) krb5_err (context, 1, ret, "send_im_here"); sp = krb5_storage_from_data (&data); if (sp == NULL) krb5_errx (context, 1, "krb5_storage_from_data"); krb5_store_int32(sp, I_AM_HERE); krb5_storage_free(sp); ret = krb5_write_priv_message(context, auth_context, &fd, &data); krb5_data_free(&data); if (ret) krb5_err (context, 1, ret, "krb5_write_priv_message"); }
static void test_uint16(krb5_context context, krb5_storage *sp) { krb5_error_code ret; int i; uint16_t val[] = { 0, 1, 65535 }, v; krb5_storage_truncate(sp, 0); for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_uint16(sp, val[i]); if (ret) krb5_err(context, 1, ret, "krb5_store_uint16"); krb5_storage_seek(sp, 0, SEEK_SET); ret = krb5_ret_uint16(sp, &v); if (ret) krb5_err(context, 1, ret, "krb5_ret_uint16"); if (v != val[i]) krb5_errx(context, 1, "store and ret mismatch"); } }
int iprop_truncate(struct truncate_options *opt, int argc, char **argv) { kadm5_server_context *server_context; krb5_error_code ret; server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_truncate (server_context); if (ret) krb5_err (context, 1, ret, "kadm5_log_truncate"); return 0; }
static void add_one_address (krb5_context context, const char *str, int first) { krb5_error_code ret; krb5_addresses tmp; ret = krb5_parse_address (context, str, &tmp); if (ret) krb5_err (context, 1, ret, "parse_address `%s'", str); if (first) krb5_copy_addresses(context, &tmp, &explicit_addresses); else krb5_append_addresses(context, &explicit_addresses, &tmp); krb5_free_addresses (context, &tmp); }
krb5_error_code kadmind_loop(krb5_context context, krb5_keytab keytab, krb5_socket_t sock) { u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4]; ssize_t n; unsigned long len; n = krb5_net_read(context, &sock, buf, 4); if(n == 0) exit(0); if(n < 0) krb5_err(context, 1, errno, "read"); _krb5_get_int(buf, &len, 4); if (len == sizeof(KRB5_SENDAUTH_VERSION)) { n = krb5_net_read(context, &sock, buf + 4, len); if (n < 0) krb5_err (context, 1, errno, "reading sendauth version"); if (n == 0) krb5_errx (context, 1, "EOF reading sendauth version"); if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) { handle_v5(context, keytab, sock); return 0; } len += 4; } else len = 4; handle_mit(context, buf, len, sock); return 0; }
static void test_fcache_remove(krb5_context context) { krb5_error_code ret; krb5_ccache id; krb5_principal p; krb5_creds cred; ret = krb5_parse_name(context, "*****@*****.**", &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &id); if (ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); ret = krb5_cc_initialize(context, id, p); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); /* */ memset(&cred, 0, sizeof(cred)); ret = krb5_parse_name(context, "krbtgt/[email protected]", &cred.server); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_parse_name(context, "*****@*****.**", &cred.client); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_cc_store_cred(context, id, &cred); if (ret) krb5_err(context, 1, ret, "krb5_cc_store_cred"); ret = krb5_cc_remove_cred(context, id, 0, &cred); if (ret) krb5_err(context, 1, ret, "krb5_cc_remove_cred"); ret = krb5_cc_destroy(context, id); if (ret) krb5_err(context, 1, ret, "krb5_cc_destroy"); krb5_free_principal(context, p); krb5_free_principal(context, cred.server); krb5_free_principal(context, cred.client); }
int server_setup(krb5_context *context, int argc, char **argv) { int port = common_setup(context, &argc, argv, server_usage); krb5_error_code ret; if(argv[argc] != NULL) server_usage(1, args, num_args); if (keytab_str != NULL) ret = krb5_kt_resolve (*context, keytab_str, &keytab); else ret = krb5_kt_default (*context, &keytab); if (ret) krb5_err (*context, 1, ret, "krb5_kt_resolve/default"); return port; }
static void parse_file(krb5_context context, krb5_principal principal, int no_salt) { krb5_error_code ret; size_t nkeys; Key *keys; ret = hdb_generate_key_set(context, principal, 0, NULL, &keys, &nkeys, no_salt); if (ret) krb5_err(context, 1, ret, "hdb_generate_key_set"); print_keys(context, keys, nkeys); hdb_free_keys(context, nkeys, keys); }
static void parse_name_realm(krb5_context context, const char *name, int flags, const char *realm, krb5_principal *princ) { krb5_error_code ret; if (realm) flags |= KRB5_PRINCIPAL_PARSE_NO_DEF_REALM; if ((ret = krb5_parse_name_flags(context, name, flags, princ)) != 0) krb5_err(context, 1, ret, "krb5_parse_name_flags"); if (realm && krb5_principal_get_realm(context, *princ) == NULL) set_princ_realm(context, *princ, realm); }
int main(int argc, char **argv) { krb5_error_code ret; int optidx = 0; setprogname(argv[0]); ret = krb5_init_context (&context); if (ret == KRB5_CONFIG_BADFORMAT) errx (1, "krb5_init_context failed to parse configuration file"); else if (ret) errx(1, "krb5_init_context failed: %d", ret); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage (0); if(version_flag){ print_version(NULL); exit(0); } argc -= optidx; argv += optidx; if (argc == 0) { help(NULL, argc, argv); return 1; } if (ccache_string) { ret = krb5_cc_resolve(context, ccache_string, &id); if (ret) krb5_err(context, 1, ret, "krb5_cc_resolve"); } ret = sl_command (commands, argc, argv); if (ret == -1) { help(NULL, argc, argv); return 1; } return ret; }
static int HandleOP(AcquireCreds) { char *name, *password; int32_t gsm_error, flags, handle = 0; krb5_principal principal = NULL; krb5_get_init_creds_opt *opt = NULL; krb5_error_code ret; retstring(c, name); retstring(c, password); ret32(c, flags); logmessage(c, __FILE__, __LINE__, 0, "username: %s password: %s", name, password); ret = krb5_parse_name(context, name, &principal); if (ret) { gsm_error = convert_krb5_to_gsm(ret); goto out; } ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL); gsm_error = acquire_cred(c, principal, opt, &handle); out: logmessage(c, __FILE__, __LINE__, 0, "AcquireCreds handle: %d return code: %d", handle, gsm_error); if (opt) krb5_get_init_creds_opt_free (context, opt); if (principal) krb5_free_principal(context, principal); free(name); free(password); put32(c, gsm_error); put32(c, handle); return 0; }
static void eval_kdestroy(heim_dict_t o) { heim_string_t ccache = heim_dict_get_value(o, HSTR("ccache"));; krb5_error_code ret; const char *name; krb5_ccache cc; heim_assert(ccache != NULL, "ccache_missing"); name = heim_string_get_utf8(ccache); ret = krb5_cc_resolve(kdc_context, name, &cc); if (ret) krb5_err(kdc_context, 1, ret, "krb5_cc_resolve"); krb5_cc_destroy(kdc_context, cc); }
int main(int argc, char **argv) { struct testcase *t; krb5_context context; krb5_error_code ret; int val = 0; ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); for (t = tests; t->enctype != 0; ++t) { krb5_keyblock key; krb5_keyblock *dkey; key.keytype = KEYTYPE_DES3; key.keyvalue.length = MAXSIZE; key.keyvalue.data = t->key; ret = krb5_derive_key(context, &key, t->enctype, t->constant, t->constant_len, &dkey); if (ret) krb5_err (context, 1, ret, "krb5_derive_key"); if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) { const unsigned char *p = dkey->keyvalue.data; int i; printf ("derive_key failed\n"); printf ("should be: "); for (i = 0; i < dkey->keyvalue.length; ++i) printf ("%02x", t->res[i]); printf ("\nresult was: "); for (i = 0; i < dkey->keyvalue.length; ++i) printf ("%02x", p[i]); printf ("\n"); val = 1; } krb5_free_keyblock(context, dkey); } krb5_free_context(context); return val; }
ssize_t do_write (int fd, void *buf, size_t sz, void *ivec) { if (do_encrypt) { #ifdef KRB5 if(auth_method == AUTH_KRB5) { krb5_error_code status; krb5_data data; unsigned char len[4]; int ret; _krb5_put_int(len, sz, 4); if(ivec != NULL) { unsigned char *tmp = malloc(sz + 4); if(tmp == NULL) err(1, "malloc"); _krb5_put_int(tmp, sz, 4); memcpy(tmp + 4, buf, sz); status = krb5_encrypt_ivec(context, crypto, key_usage, tmp, sz + 4, &data, ivec); free(tmp); } else status = krb5_encrypt_ivec(context, crypto, key_usage, buf, sz, &data, ivec); if (status) krb5_err(context, 1, status, "encrypting data"); ret = krb5_net_write (context, &fd, len, 4); if (ret != 4) return ret; ret = krb5_net_write (context, &fd, data.data, data.length); if (ret != data.length) return ret; free (data.data); return sz; } else #endif /* KRB5 */ abort(); } else return write (fd, buf, sz); }
static int dump_database (krb5_context context, int type, const char *database, HDB *db) { krb5_error_code ret; struct prop_data pd; krb5_data data; pd.context = context; pd.auth_context = NULL; pd.sock = STDOUT_FILENO; iterate (context, database, db, type, &pd); krb5_data_zero (&data); ret = krb5_write_message (context, &pd.sock, &data); if (ret) krb5_err(context, 1, ret, "krb5_write_message"); return 0; }
static void print_keys(krb5_context context, Key *keys, size_t nkeys) { krb5_error_code ret; char *str; int i; printf("keys:\n"); for (i = 0; i < nkeys; i++) { ret = krb5_enctype_to_string(context, keys[i].key.keytype, &str); if (ret) krb5_err(context, ret, 1, "krb5_enctype_to_string: %d\n", (int)keys[i].key.keytype); printf("\tenctype %s", str); free(str); if (keys[i].salt) { printf(" salt: "); switch (keys[i].salt->type) { case KRB5_PW_SALT: printf("pw-salt:"); break; case KRB5_AFS3_SALT: printf("afs3-salt:"); break; default: printf("unknown salt: %d", keys[i].salt->type); break; } if (keys[i].salt->salt.length) printf("%.*s", (int)keys[i].salt->salt.length, (char *)keys[i].salt->salt.data); } printf("\n"); } printf("end keys:\n"); }
static krb5_error_code plugin_send_to_realm(krb5_context context, void *ctx, krb5_const_realm realm, time_t timeout, const krb5_data *in, krb5_data *out) { int ret; krb5_kdc_update_time(NULL); ret = krb5_kdc_process_request(kdc_context, kdc_config, in->data, in->length, out, NULL, astr, (struct sockaddr *)&sa, 0); if (ret) krb5_err(kdc_context, 1, ret, "krb5_kdc_process_request"); return 0; }
int digest_probe(struct digest_probe_options *opt, int argc, char ** argv) { krb5_error_code ret; krb5_realm realm; unsigned flags; realm = opt->realm_string; if (realm == NULL) errx(1, "realm missing"); ret = krb5_digest_probe(context, realm, id, &flags); if (ret) krb5_err(context, 1, ret, "digest_probe"); printf("flags: %u\n", flags); return 0; }
static void test_move(krb5_context context, const char *type) { const krb5_cc_ops *ops; krb5_ccache fromid, toid; krb5_error_code ret; krb5_principal p, p2; ops = krb5_cc_get_prefix_ops(context, type); if (ops == NULL) return; ret = krb5_cc_new_unique(context, type, NULL, &fromid); if (ret == KRB5_CC_NOSUPP) return; else if (ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_parse_name(context, "*****@*****.**", &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_cc_initialize(context, fromid, p); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_new_unique(context, type, NULL, &toid); if (ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, toid, p); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_get_principal(context, toid, &p2); if (ret) krb5_err(context, 1, ret, "krb5_cc_get_principal"); if (krb5_principal_compare(context, p, p2) == FALSE) krb5_errx(context, 1, "p != p2"); krb5_free_principal(context, p); krb5_free_principal(context, p2); krb5_cc_destroy(context, toid); krb5_cc_destroy(context, fromid); }
int iprop_dump(struct dump_options *opt, int argc, char **argv) { kadm5_server_context *server_context; krb5_error_code ret; server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_init (server_context); if (ret) krb5_err (context, 1, ret, "kadm5_log_init"); ret = kadm5_log_foreach (server_context, print_entry, NULL); if(ret) krb5_warn(context, ret, "kadm5_log_foreach"); ret = kadm5_log_end (server_context); if (ret) krb5_warn(context, ret, "kadm5_log_end"); return 0; }
int main(int argc, char **argv) { krb5_context context; int ret, o = 0; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &o)) krb5_std_usage(1, args, num_args); if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag){ print_version(NULL); exit(0); } ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); if (mkey_file) { hdb_master_key mkey; ret = hdb_read_master_key(context, mkey_file, &mkey); if (ret) krb5_err(context, 1, ret, "failed to read master key %s", mkey_file); hdb_free_master_key(context, mkey); } else krb5_errx(context, 1, "no command option given"); krb5_free_context(context); return 0; }
int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; int optidx = 0, errors = 0; krb5_principal client; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage (0); if(version_flag){ print_version(NULL); exit(0); } if(client_str == NULL) errx(1, "client is not set"); ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); ret = krb5_parse_name(context, client_str, &client); if (ret) krb5_err(context, 1, ret, "krb5_parse_name: %d", ret); test_get_init_creds(context, client); krb5_free_context(context); return errors; }
static void test_cache_iter(krb5_context context, const char *type, int destroy) { krb5_cc_cache_cursor cursor; krb5_error_code ret; krb5_ccache id; ret = krb5_cc_cache_get_first (context, type, &cursor); if (ret == KRB5_CC_NOSUPP) return; else if (ret) krb5_err(context, 1, ret, "krb5_cc_cache_get_first(%s)", type); while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) { krb5_principal principal; char *name; if (debug_flag) printf("name: %s\n", krb5_cc_get_name(context, id)); ret = krb5_cc_get_principal(context, id, &principal); if (ret == 0) { ret = krb5_unparse_name(context, principal, &name); if (ret == 0) { if (debug_flag) printf("\tprincipal: %s\n", name); free(name); } krb5_free_principal(context, principal); } if (destroy) krb5_cc_destroy(context, id); else krb5_cc_close(context, id); } krb5_cc_cache_end_seq_get(context, cursor); }
static char * get_user_realm(krb5_context context) { krb5_error_code ret; char *user_realm = NULL; /* * If memory allocation fails, we don't try to use the wrong realm, * that will trigger misleading error messages complicate support. */ krb5_appdefault_string(context, "kinit", NULL, "user_realm", "", &user_realm); if (user_realm == NULL) { ret = krb5_enomem(context); krb5_err(context, 1, ret, "krb5_appdefault_string"); } if (*user_realm == 0) { free(user_realm); user_realm = NULL; } return user_realm; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_principal principal; ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context"); ret = krb5_parse_name(context, "*****@*****.**", &principal); if (ret) krb5_err(context, ret, 1, "krb5_parse_name"); parse_file(context, principal, 0); parse_file(context, principal, 1); krb5_free_principal(context, principal); krb5_free_context(context); return 0; }
static void test_copy(krb5_context context, const char *from, const char *to) { krb5_ccache fromid, toid; krb5_error_code ret; krb5_principal p, p2; ret = krb5_parse_name(context, "*****@*****.**", &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); ret = krb5_cc_new_unique(context, from, NULL, &fromid); if (ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, fromid, p); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_new_unique(context, to, NULL, &toid); if (ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); ret = krb5_cc_copy_cache(context, fromid, toid); if (ret) krb5_err(context, 1, ret, "krb5_cc_copy_cache"); ret = krb5_cc_get_principal(context, toid, &p2); if (ret) krb5_err(context, 1, ret, "krb5_cc_get_principal"); if (krb5_principal_compare(context, p, p2) == FALSE) krb5_errx(context, 1, "p != p2"); krb5_free_principal(context, p); krb5_free_principal(context, p2); krb5_cc_destroy(context, fromid); krb5_cc_destroy(context, toid); }
static void test_mcc_default(void) { krb5_context context; krb5_error_code ret; krb5_ccache id, id2; int i; for (i = 0; i < 10; i++) { ret = krb5_init_context(&context); if (ret) krb5_err(context, 1, ret, "krb5_init_context"); ret = krb5_cc_set_default_name(context, "MEMORY:foo"); if (ret) krb5_err(context, 1, ret, "krb5_cc_set_default_name"); ret = krb5_cc_default(context, &id); if (ret) krb5_err(context, 1, ret, "krb5_cc_default"); ret = krb5_cc_default(context, &id2); if (ret) krb5_err(context, 1, ret, "krb5_cc_default"); ret = krb5_cc_close(context, id); if (ret) krb5_err(context, 1, ret, "krb5_cc_close"); ret = krb5_cc_close(context, id2); if (ret) krb5_err(context, 1, ret, "krb5_cc_close"); krb5_free_context(context); } }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache ccache; krb5_principal principal = NULL; int optidx = 0; krb5_deltat ticket_life = 0; #ifdef HAVE_SIGACTION struct sigaction sa; #endif setprogname(argv[0]); setlocale(LC_ALL, ""); bindtextdomain("heimdal_kuser", HEIMDAL_LOCALEDIR); textdomain("heimdal_kuser"); ret = krb5_init_context(&context); if (ret == KRB5_CONFIG_BADFORMAT) errx(1, "krb5_init_context failed to parse configuration file"); else if (ret) errx(1, "krb5_init_context failed: %d", ret); if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage(0); if (version_flag) { print_version(NULL); exit(0); } argc -= optidx; argv += optidx; /* * Open the keytab now, we use the keytab to determine the principal's * realm when the requested principal has no realm. */ if (use_keytab || keytab_str) { if (keytab_str) ret = krb5_kt_resolve(context, keytab_str, &kt); else ret = krb5_kt_default(context, &kt); if (ret) krb5_err(context, 1, ret, "resolving keytab"); } if (pk_enterprise_flag) { ret = krb5_pk_enterprise_cert(context, pk_user_id, argv[0], &principal, &ent_user_id); if (ret) krb5_err(context, 1, ret, "krb5_pk_enterprise_certs"); pk_user_id = NULL; } else if (anonymous_flag) { ret = krb5_make_principal(context, &principal, argv[0], KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL); if (ret) krb5_err(context, 1, ret, "krb5_make_principal"); krb5_principal_set_type(context, principal, KRB5_NT_WELLKNOWN); } else if (use_keytab || keytab_str) { get_princ_kt(context, &principal, argv[0]); } else { get_princ(context, &principal, argv[0]); } if (fcache_version) krb5_set_fcache_version(context, fcache_version); if (renewable_flag == -1) /* this seems somewhat pointless, but whatever */ krb5_appdefault_boolean(context, "kinit", krb5_principal_get_realm(context, principal), "renewable", FALSE, &renewable_flag); if (do_afslog == -1) krb5_appdefault_boolean(context, "kinit", krb5_principal_get_realm(context, principal), "afslog", TRUE, &do_afslog); if (cred_cache) ret = krb5_cc_resolve(context, cred_cache, &ccache); else { if (argc > 1) { char s[1024]; ret = krb5_cc_new_unique(context, NULL, NULL, &ccache); if (ret) krb5_err(context, 1, ret, "creating cred cache"); snprintf(s, sizeof(s), "%s:%s", krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache)); setenv("KRB5CCNAME", s, 1); } else { ret = krb5_cc_cache_match(context, principal, &ccache); if (ret) { const char *type; ret = krb5_cc_default(context, &ccache); if (ret) krb5_err(context, 1, ret, N_("resolving credentials cache", "")); /* * Check if the type support switching, and we do, * then do that instead over overwriting the current * default credential */ type = krb5_cc_get_type(context, ccache); if (krb5_cc_support_switch(context, type)) { krb5_cc_close(context, ccache); ret = get_switched_ccache(context, type, principal, &ccache); } } } } if (ret) krb5_err(context, 1, ret, N_("resolving credentials cache", "")); #ifndef NO_AFS if (argc > 1 && k_hasafs()) k_setpag(); #endif if (lifetime) { int tmp = parse_time(lifetime, "s"); if (tmp < 0) errx(1, N_("unparsable time: %s", ""), lifetime); ticket_life = tmp; } if (addrs_flag == 0 && extra_addresses.num_strings > 0) krb5_errx(context, 1, N_("specifying both extra addresses and " "no addresses makes no sense", "")); { int i; krb5_addresses addresses; memset(&addresses, 0, sizeof(addresses)); for(i = 0; i < extra_addresses.num_strings; i++) { ret = krb5_parse_address(context, extra_addresses.strings[i], &addresses); if (ret == 0) { krb5_add_extra_addresses(context, &addresses); krb5_free_addresses(context, &addresses); } } free_getarg_strings(&extra_addresses); } if (renew_flag || validate_flag) { ret = renew_validate(context, renew_flag, validate_flag, ccache, server_str, ticket_life); #ifndef NO_AFS if (ret == 0 && server_str == NULL && do_afslog && k_hasafs()) krb5_afslog(context, ccache, NULL, NULL); #endif exit(ret != 0); } ret = get_new_tickets(context, principal, ccache, ticket_life, 1); if (ret) exit(1); #ifndef NO_AFS if (ret == 0 && server_str == NULL && do_afslog && k_hasafs()) krb5_afslog(context, ccache, NULL, NULL); #endif if (argc > 1) { struct renew_ctx ctx; time_t timeout; timeout = ticket_lifetime(context, ccache, principal, server_str, NULL) / 2; ctx.context = context; ctx.ccache = ccache; ctx.principal = principal; ctx.ticket_life = ticket_life; ctx.timeout = timeout; #ifdef HAVE_SIGACTION memset(&sa, 0, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_handler = handle_siginfo; sigaction(SIGINFO, &sa, NULL); #endif ret = simple_execvp_timed(argv[1], argv+1, renew_func, &ctx, timeout); #define EX_NOEXEC 126 #define EX_NOTFOUND 127 if (ret == EX_NOEXEC) krb5_warnx(context, N_("permission denied: %s", ""), argv[1]); else if (ret == EX_NOTFOUND) krb5_warnx(context, N_("command not found: %s", ""), argv[1]); krb5_cc_destroy(context, ccache); #ifndef NO_AFS if (k_hasafs()) k_unlog(); #endif } else { krb5_cc_close(context, ccache); ret = 0; } krb5_free_principal(context, principal); if (kt) krb5_kt_close(context, kt); krb5_free_context(context); return ret; }
static void get_princ_kt(krb5_context context, krb5_principal *principal, char *name) { krb5_error_code ret; krb5_principal tmp; krb5_ccache ccache; krb5_kt_cursor cursor; krb5_keytab_entry entry; char *def_realm; if (name == NULL) { /* * If the credential cache exists and specifies a client principal, * use that. */ if (krb5_cc_default(context, &ccache) == 0) { ret = krb5_cc_get_principal(context, ccache, principal); krb5_cc_close(context, ccache); if (ret == 0) return; } } if (name) { /* If the principal specifies an explicit realm, just use that. */ int parseflags = KRB5_PRINCIPAL_PARSE_NO_DEF_REALM; parse_name_realm(context, name, parseflags, NULL, &tmp); if (krb5_principal_get_realm(context, tmp) != NULL) { *principal = tmp; return; } } else { /* Otherwise, search keytab for bare name of the default principal. */ get_default_principal(context, &tmp); set_princ_realm(context, tmp, NULL); } def_realm = get_default_realm(context); ret = krb5_kt_start_seq_get(context, kt, &cursor); if (ret) krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); while (ret == 0 && krb5_kt_next_entry(context, kt, &entry, &cursor) == 0) { const char *realm; if (!krb5_principal_compare_any_realm(context, tmp, entry.principal)) continue; if (*principal && krb5_principal_compare(context, *principal, entry.principal)) continue; /* The default realm takes precedence */ realm = krb5_principal_get_realm(context, entry.principal); if (*principal && strcmp(def_realm, realm) == 0) { krb5_free_principal(context, *principal); ret = krb5_copy_principal(context, entry.principal, principal); break; } if (!*principal) ret = krb5_copy_principal(context, entry.principal, principal); } if (ret != 0 || (ret = krb5_kt_end_seq_get(context, kt, &cursor)) != 0) krb5_err(context, 1, ret, "get_princ_kt"); if (!*principal) { if (name) parse_name_realm(context, name, 0, NULL, principal); else krb5_err(context, 1, KRB5_CC_NOTFOUND, "get_princ_kt"); } krb5_free_principal(context, tmp); free(def_realm); }