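/*
 * Choose the credential cache used to authenticate to the kadmin service.
 *
 * Precedence, as implemented below:
 *   1. A caller-supplied `ccache` is authoritative. Its principal replaces
 *      any client parsed from `client_name`, and if get_kadm_ticket() fails
 *      on it the function returns -1 instead of falling back to an AS
 *      request, so a different identity is never substituted silently.
 *   2. Otherwise the cache found by get_cache_principal() is reused only
 *      when no client was requested or the requested client compares equal
 *      to that cache's principal.
 *   3. Otherwise new credentials are requested through get_new_cache()
 *      using `password`, `prompter` and `keytab`.
 *
 * context      library context
 * client_name  requested client principal name, or NULL
 * server_name  service principal name; NULL selects KADM5_ADMIN_SERVICE
 * password     password for the AS request; NULL and "" are equivalent
 * prompter     prompter callback handed to get_new_cache(), may be NULL
 * keytab       keytab name handed to get_new_cache(), may be NULL
 * ccache       caller-owned cache to use, or NULL; never closed here
 * ret_cache    receives the selected cache on success
 *
 * Returns 0 on success, -1 when the caller's `ccache` yields no ticket,
 * KADM5_FAILURE when no local user name is available, or the error of the
 * failing krb5 call.
 *
 * Every principal created here is released on every return path; the code
 * relies on krb5_free_principal() accepting NULL, as the success path
 * already did.
 */
krb5_error_code
_kadm5_c_get_cred_cache(krb5_context context,
                        const char *client_name,
                        const char *server_name,
                        const char *password,
                        krb5_prompter_fct prompter,
                        const char *keytab,
                        krb5_ccache ccache,
                        krb5_ccache *ret_cache)
{
    krb5_error_code ret;
    krb5_ccache id = NULL;
    krb5_principal default_client = NULL, client = NULL;

    /* treat empty password as NULL */
    if (password && *password == '\0')
        password = NULL;
    if (server_name == NULL)
        server_name = KADM5_ADMIN_SERVICE;

    if (client_name != NULL) {
        ret = krb5_parse_name(context, client_name, &client);
        if (ret)
            return ret;
    }

    if (ccache != NULL) {
        krb5_principal cache_client = NULL;

        id = ccache;
        /*
         * Read the cache principal into a temporary so that a client
         * already parsed from client_name is released, not overwritten.
         */
        ret = krb5_cc_get_principal(context, id, &cache_client);
        if (ret) {
            krb5_free_principal(context, client);
            return ret;
        }
        krb5_free_principal(context, client);
        client = cache_client;
    } else {
        /* get principal from default cache, ok if this doesn't work */
        ret = get_cache_principal(context, &id, &default_client);
        if (ret) {
            /*
             * No client was specified by the caller and we cannot
             * determine the client from a credentials cache.
             */
            const char *user;

            user = get_default_username();
            if (user == NULL) {
                krb5_set_error_message(context, KADM5_FAILURE,
                                       "Unable to find local user name");
                /* release a client parsed from client_name */
                krb5_free_principal(context, client);
                return KADM5_FAILURE;
            }
            ret = krb5_make_principal(context, &default_client,
                                      NULL, user, "admin", NULL);
            if (ret) {
                krb5_free_principal(context, client);
                return ret;
            }
        }
    }

    /*
     * No client was specified by the caller, but we have a client
     * from the default credentials cache.
     */
    if (client == NULL && default_client != NULL)
        client = default_client;

    /*
     * Reuse the cache only when it belongs to the client being
     * authenticated: either no default principal is in play, or it
     * compares equal to the requested client.
     */
    if (id && client &&
        (default_client == NULL ||
         krb5_principal_compare(context, client, default_client) != 0)) {
        ret = get_kadm_ticket(context, id, client, server_name);
        if (ret == 0) {
            *ret_cache = id;
            krb5_free_principal(context, default_client);
            if (default_client != client)
                krb5_free_principal(context, client);
            return 0;
        }
        if (ccache != NULL) {
            /*
             * couldn't get ticket from cache; default_client is never
             * set on the ccache path, so client is the only principal
             * left to release. The caller's cache stays open.
             */
            krb5_free_principal(context, client);
            return -1;
        }
    }

    /* get creds via AS request */
    if (id && (id != ccache))
        krb5_cc_close(context, id);
    if (client != default_client)
        krb5_free_principal(context, default_client);

    ret = get_new_cache(context, client, password, prompter, keytab,
                        server_name, ret_cache);
    krb5_free_principal(context, client);
    return ret;
}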
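/*
 * Choose the credential cache used to authenticate to the kadmin service.
 *
 * Behaviour, as implemented below:
 *   - With a password or prompter, the default cache is inspected. If its
 *     principal's second component is not "admin", a <name>/admin principal
 *     is built and the default cache is closed. The client is then, in
 *     order: the one parsed from `client_name`, the default-cache
 *     principal, or <local user>/admin.
 *   - Without a password or prompter, a caller-supplied `ccache` is used
 *     and its principal replaces any client parsed from `client_name`.
 *   - If a cache is still held and get_kadm_ticket() succeeds on it, that
 *     cache is returned; otherwise credentials are requested through
 *     get_new_cache().
 *
 * NOTE(review): when `password` or `prompter` is set, a caller-supplied
 * `ccache` is never opened; only the default cache is consulted, yet the
 * `ccache != NULL` test after get_kadm_ticket() still ends the call with
 * -1. Confirm whether callers expect an explicit cache to take precedence.
 *
 * NOTE(review): when the caller named a client and the default cache's
 * principal already has instance "admin", default_client is dropped and the
 * default cache is tried for the named client without comparing the two
 * principals. Whether get_kadm_ticket() rejects a mismatch is not visible
 * here.
 *
 * context      library context
 * client_name  requested client principal name, or NULL
 * server_name  service principal name; NULL selects KADM5_ADMIN_SERVICE
 * password     password for the AS request; NULL and "" are equivalent
 * prompter     prompter callback handed to get_new_cache(), may be NULL
 * keytab       keytab name handed to get_new_cache(), may be NULL
 * ccache       caller-owned cache, or NULL; never closed here
 * ret_cache    receives the selected cache on success
 *
 * Returns 0 on success, -1 when `ccache` was supplied and the ticket lookup
 * on the selected cache failed, KADM5_FAILURE when no local user name is
 * available, or the error of the failing krb5 call.
 *
 * Principals and cache handles acquired here are released on the error
 * paths; the code relies on krb5_free_principal() accepting NULL, as the
 * success path already did.
 */
krb5_error_code
_kadm5_c_get_cred_cache(krb5_context context,
                        const char *client_name,
                        const char *server_name,
                        const char *password,
                        krb5_prompter_fct prompter,
                        const char *keytab,
                        krb5_ccache ccache,
                        krb5_ccache *ret_cache)
{
    krb5_error_code ret;
    krb5_ccache id = NULL;
    krb5_principal default_client = NULL, client = NULL;

    /* treat empty password as NULL */
    if (password && *password == '\0')
        password = NULL;
    if (server_name == NULL)
        server_name = KADM5_ADMIN_SERVICE;

    if (client_name != NULL) {
        ret = krb5_parse_name(context, client_name, &client);
        if (ret)
            return ret;
    }

    if (password != NULL || prompter != NULL) {
        /* get principal from default cache, ok if this doesn't work */
        ret = krb5_cc_default(context, &id);
        if (ret == 0) {
            ret = krb5_cc_get_principal(context, id, &default_client);
            if (ret) {
                krb5_cc_close(context, id);
                id = NULL;
            } else {
                const char *name, *inst;
                krb5_principal tmp;

                name = krb5_principal_get_comp_string(context,
                                                      default_client, 0);
                inst = krb5_principal_get_comp_string(context,
                                                      default_client, 1);
                if (inst == NULL || strcmp(inst, "admin") != 0) {
                    /*
                     * The cache holds a non-admin principal: derive
                     * <name>/admin and stop using the cache, whose
                     * tickets belong to a different principal.
                     */
                    ret = krb5_make_principal(context, &tmp, NULL,
                                              name, "admin", NULL);
                    if (ret != 0) {
                        krb5_free_principal(context, default_client);
                        if (client)
                            krb5_free_principal(context, client);
                        krb5_cc_close(context, id);
                        return ret;
                    }
                    krb5_free_principal(context, default_client);
                    default_client = tmp;
                    krb5_cc_close(context, id);
                    id = NULL;
                }
            }
        }

        if (client != NULL) {
            /* A client was specified by the caller. */
            if (default_client != NULL) {
                krb5_free_principal(context, default_client);
                default_client = NULL;
            }
        } else if (default_client != NULL) {
            /* No client was specified by the caller, but we have a
             * client from the default credentials cache. */
            client = default_client;
        } else {
            /* No client was specified by the caller and we cannot determine
             * the client from a credentials cache. */
            const char *user;

            user = get_default_username();
            if (user == NULL) {
                /* record why the generic failure code is returned */
                krb5_set_error_message(context, KADM5_FAILURE,
                                       "Unable to find local user name");
                return KADM5_FAILURE;
            }
            ret = krb5_make_principal(context, &client,
                                      NULL, user, "admin", NULL);
            if (ret)
                return ret;
            if (id != NULL) {
                krb5_cc_close(context, id);
                id = NULL;
            }
        }
    } else if (ccache != NULL) {
        krb5_principal cache_client = NULL;

        id = ccache;
        /*
         * Read the cache principal into a temporary so that a client
         * already parsed from client_name is released, not overwritten.
         */
        ret = krb5_cc_get_principal(context, id, &cache_client);
        if (ret) {
            krb5_free_principal(context, client);
            return ret;
        }
        krb5_free_principal(context, client);
        client = cache_client;
    }

    if (id && (default_client == NULL ||
               krb5_principal_compare(context, client, default_client))) {
        ret = get_kadm_ticket(context, id, client, server_name);
        if (ret == 0) {
            *ret_cache = id;
            krb5_free_principal(context, default_client);
            if (default_client != client)
                krb5_free_principal(context, client);
            return 0;
        }
        if (ccache != NULL) {
            /*
             * couldn't get ticket from cache; release what this call
             * acquired. `id` can be the default cache here (password or
             * prompter path), which must be closed; the caller's own
             * cache is left open.
             */
            if (id != ccache)
                krb5_cc_close(context, id);
            if (client != default_client)
                krb5_free_principal(context, default_client);
            krb5_free_principal(context, client);
            return -1;
        }
    }

    /* get creds via AS request */
    if (id && (id != ccache))
        krb5_cc_close(context, id);
    if (client != default_client)
        krb5_free_principal(context, default_client);

    ret = get_new_cache(context, client, password, prompter, keytab,
                        server_name, ret_cache);
    krb5_free_principal(context, client);
    return ret;
}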