KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds) { krb5_kdc_flags flags; flags.i = 0; return krb5_get_credentials_with_flags(context, options, flags, ccache, in_creds, out_creds); }
/* * Request: * NameZ * ServerPrincipal * KDCFlags * EncryptionType * * Repsonse: * */ static krb5_error_code kcm_op_get_ticket(krb5_context context, kcm_client *client, kcm_operation opcode, krb5_storage *request, krb5_storage *response) { krb5_error_code ret; kcm_ccache ccache; char *name; krb5_principal server = NULL; krb5_ccache_data ccdata; krb5_creds in, *out; krb5_kdc_flags flags; memset(&in, 0, sizeof(in)); ret = krb5_ret_stringz(request, &name); if (ret) return ret; KCM_LOG_REQUEST_NAME(context, client, opcode, name); ret = krb5_ret_uint32(request, &flags.i); if (ret) { free(name); return ret; } ret = krb5_ret_int32(request, &in.session.keytype); if (ret) { free(name); return ret; } ret = krb5_ret_principal(request, &server); if (ret) { free(name); return ret; } ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); if (ret) { krb5_free_principal(context, server); free(name); return ret; } HEIMDAL_MUTEX_lock(&ccache->mutex); /* Fake up an internal ccache */ kcm_internal_ccache(context, ccache, &ccdata); in.client = ccache->client; in.server = server; in.times.endtime = 0; /* glue cc layer will store creds */ ret = krb5_get_credentials_with_flags(context, 0, flags, &ccdata, &in, &out); HEIMDAL_MUTEX_unlock(&ccache->mutex); krb5_free_principal(context, server); if (ret == 0) krb5_free_cred_contents(context, out); kcm_release_ccache(context, ccache); free(name); return ret; }
static krb5_error_code get_cache_principal(krb5_context context, krb5_ccache *id, krb5_principal *client) { krb5_error_code ret; const char *name, *inst; krb5_principal p1, p2; ret = krb5_cc_default(context, id); if(ret) { *id = NULL; return ret; } ret = krb5_cc_get_principal(context, *id, &p1); if(ret) { krb5_cc_close(context, *id); *id = NULL; return ret; } ret = krb5_make_principal(context, &p2, NULL, "kadmin", "admin", NULL); if (ret) { krb5_cc_close(context, *id); *id = NULL; krb5_free_principal(context, p1); return ret; } { krb5_creds in, *out; krb5_kdc_flags flags; flags.i = 0; memset(&in, 0, sizeof(in)); in.client = p1; in.server = p2; /* check for initial ticket kadmin/admin */ ret = krb5_get_credentials_with_flags(context, KRB5_GC_CACHED, flags, *id, &in, &out); krb5_free_principal(context, p2); if (ret == 0) { if (out->flags.b.initial) { *client = p1; krb5_free_creds(context, out); return 0; } krb5_free_creds(context, out); } } krb5_cc_close(context, *id); *id = NULL; name = krb5_principal_get_comp_string(context, p1, 0); inst = krb5_principal_get_comp_string(context, p1, 1); if(inst == NULL || strcmp(inst, "admin") != 0) { ret = krb5_make_principal(context, &p2, NULL, name, "admin", NULL); krb5_free_principal(context, p1); if(ret != 0) return ret; *client = p2; return 0; } *client = p1; return 0; }
int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; krb5_ccache cache; krb5_creds in, *out; krb5_kdc_flags flags; int optind = 0; flags.i = 0; ret = krb5_init_context (&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); if (help_flag) usage (0); if(version_flag) { print_version(NULL); exit(0); } argc -= optind; argv += optind; if (argc != 1) usage (1); ret = krb5_cc_default(context, &cache); if (ret) krb5_err (context, 1, ret, "krb5_cc_default"); if(cache_str) { ret = krb5_cc_resolve(context, cache_str, &cache); if (ret) krb5_err (context, 1, ret, "%s", cache_str); } else { ret = krb5_cc_default (context, &cache); if (ret) krb5_err (context, 1, ret, "krb5_cc_resolve"); } memset(&in, 0, sizeof(in)); if (etype_str) { krb5_enctype enctype; ret = krb5_string_to_enctype(context, etype_str, &enctype); if (ret) krb5_errx (context, 1, "unrecognized enctype: %s", etype_str); in.session.keytype = enctype; } ret = krb5_cc_get_principal(context, cache, &in.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_get_principal"); ret = krb5_parse_name(context, argv[0], &in.server); if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]); if (!transit_check) flags.b.disable_transited_check = 1; if (canonicalize) flags.b.canonicalize = 1; in.times.endtime = 0; ret = krb5_get_credentials_with_flags(context, 0, flags, cache, &in, &out); if (ret) krb5_err (context, 1, ret, "krb5_get_credentials"); krb5_free_cred_contents(context, out); return 0; }