authorSam Hartman <hartmans@mit.edu>2009-12-23 21:10:59 +0000
committerSam Hartman <hartmans@mit.edu>2009-12-23 21:10:59 +0000
commitaf2f4ca5428145c11f1635a5be59dc868c0adf28 (patch)
treee57afcbc04d1847fdf324a603410d5454fb598aa
parent09b1601762ce24164a053074585d94c902318b7d (diff)
Add support for kadmin -n
Add support for the -n option to kadmin to support anonymous * kadm5_init_anonymous: new API * kadmin.c: use it git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23512 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/kadmin/cli/kadmin.c21
-rw-r--r--src/lib/kadm5/admin.h7
-rw-r--r--src/lib/kadm5/clnt/client_init.c19
-rw-r--r--src/lib/kadm5/clnt/libkadm5clnt.exports1
-rw-r--r--src/lib/kadm5/srv/libkadm5srv.exports1
-rw-r--r--src/lib/kadm5/srv/server_init.c13
6 files changed, 55 insertions, 7 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index c8cb3fb..7677301 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -119,7 +119,7 @@ usage()
{
fprintf(stderr,
"Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
- "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
+ "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]\n"
"\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
"where,\n\t[-x db_args]* - any number of database specific arguments.\n"
"\t\t\tLook at each database documentation for supported arguments\n",
@@ -238,7 +238,7 @@ kadmin_startup(int argc, char *argv[])
char *princstr = NULL, *keytab_name = NULL, *query = NULL;
char *password = NULL;
char *luser, *canon, *cp;
- int optchar, freeprinc = 0, use_keytab = 0;
+ int optchar, freeprinc = 0, use_keytab = 0, use_anonymous = 0;
struct passwd *pw;
kadm5_ret_t retval;
krb5_ccache cc;
@@ -270,7 +270,7 @@ kadmin_startup(int argc, char *argv[])
exit(1);
}
- while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
+ while ((optchar = getopt(argc, argv, "x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) {
switch (optchar) {
case 'x':
db_args_size++;
@@ -296,7 +296,10 @@ kadmin_startup(int argc, char *argv[])
case 'k':
use_keytab++;
break;
- case 't':
+ case 'n':
+ use_anonymous++;
+ break;
+ case 't':
keytab_name = optarg;
break;
case 'w':
@@ -349,7 +352,9 @@ kadmin_startup(int argc, char *argv[])
}
}
if ((ccache_name && use_keytab) ||
- (keytab_name && !use_keytab))
+ (keytab_name && !use_keytab)
+ || (ccache_name && use_anonymous)
+ || (use_anonymous &&use_keytab))
usage();
if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
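Review bot: The extended conflict check rejects `-n` combined with `-c` or `-k`, but not with a password (presumably set by `-w`, whose case label is visible in the earlier hunk). Judging by the later hunk, the anonymous branch calls `kadm5_init_anonymous` without passing `password`, so a password given on the command line would be silently ignored; adding `|| (password && use_anonymous)` would send the operator to `usage()` instead. The last added line also has uneven spacing: `(use_anonymous &&use_keytab)` should read `(use_anonymous && use_keytab)`. kadmin_startup continues outside this hunk, so how `password` is consumed elsewhere should be confirmed.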
@@ -487,6 +492,12 @@ kadmin_startup(int argc, char *argv[])
retval = kadm5_init_with_creds(context, princstr, cc, svcname, &params,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_3, db_args, &handle);
+ } else if ( use_anonymous) {
+ printf("Authenticating as principal %s with password; anonymous requested.\n",
+ princstr);
+ retval = kadm5_init_anonymous(context, princstr, svcname, &params,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_3, db_args, &handle);
} else if (use_keytab) {
if (keytab_name)
printf("Authenticating as principal %s with keytab %s.\n",
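Review bot: The message in the new `use_anonymous` branch says the client is authenticating "with password" as `princstr`, although this branch supplies no password and asks for anonymous credentials. An operator reading the terminal or a captured session log cannot tell which identity is actually in use. Something like `printf("Authenticating anonymously (requested principal %s).\n", princstr);` would describe the branch accurately. The spacing in `else if ( use_anonymous)` should be `else if (use_anonymous)`. The if/else chain starts and ends outside this hunk.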
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 4196a19..653b2cf 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -338,6 +338,13 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
char *client_name,
char *pass,
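Review bot: The new `kadm5_init_anonymous` prototype is added to the public header, and exported from both libraries, with no comment describing its contract. A short comment above the declaration should state that no password, keytab or ccache is supplied and that the client library requests anonymous initial credentials. It should also say what `client_name` means in that case, since the caller in kadmin.c still passes a named principal. Without it, callers have to read `_kadm5_init_any` to learn which identity the resulting handle carries.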
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index 735bcc2..c9b53b4 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -59,7 +59,7 @@
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
-enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
+enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS , INIT_ANONYMOUS};
static kadm5_ret_t _kadm5_init_any(krb5_context context,
char *client_name,
@@ -129,6 +129,19 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
api_version, db_args, server_handle);
}
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
+{
+ return _kadm5_init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
+ service_name, params, struct_version,
+ api_version, db_args, server_handle);
+}
+
kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
char *service_name,
kadm5_config_params *params,
@@ -558,9 +571,11 @@ kadm5_gic_iter(kadm5_server_handle_t handle,
krb5_get_init_creds_opt_set_forwardable(opt, 0);
krb5_get_init_creds_opt_set_proxiable(opt, 0);
krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);
+ if (init_type == INIT_ANONYMOUS)
+ krb5_get_init_creds_opt_set_anonymous(opt, 1);
}
- if (init_type == INIT_PASS) {
+ if (init_type == INIT_PASS || init_type == INIT_ANONYMOUS) {
code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
krb5_prompter_posix,
NULL, 0,
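Review bot: `INIT_ANONYMOUS` now shares the `krb5_get_init_creds_password` call with `INIT_PASS`, where `pass` arrives as NULL from `kadm5_init_anonymous` and `krb5_prompter_posix` is still installed. If anonymous credentials cannot be obtained, the user may therefore be prompted for the named principal's password; this should be confirmed against the library's behaviour. The anonymous option is set inside a block whose condition is outside this hunk, so it is not visible here whether it is applied on every path that reaches this call. A comment at the branch, e.g. `/* INIT_ANONYMOUS: pass is NULL; the anonymous option set above selects the mechanism */`, would make the intent explicit. kadm5_gic_iter starts and ends outside the hunk.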
diff --git a/src/lib/kadm5/clnt/libkadm5clnt.exports b/src/lib/kadm5/clnt/libkadm5clnt.exports
index 6174847..5e81580 100644
--- a/src/lib/kadm5/clnt/libkadm5clnt.exports
+++ b/src/lib/kadm5/clnt/libkadm5clnt.exports
@@ -24,6 +24,7 @@ kadm5_get_principal
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_anonymous
kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
diff --git a/src/lib/kadm5/srv/libkadm5srv.exports b/src/lib/kadm5/srv/libkadm5srv.exports
index 35745be..d8d3b22 100644
--- a/src/lib/kadm5/srv/libkadm5srv.exports
+++ b/src/lib/kadm5/srv/libkadm5srv.exports
@@ -40,6 +40,7 @@ kadm5_get_principal_keys
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_anonymous
kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index ed71cbf..1941d93 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -104,6 +104,19 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
server_handle);
}
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
+{
+ return kadm5_init(context, client_name, NULL, service_name, params,
+ struct_version, api_version, db_args,
+ server_handle);
+}
+
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
char *client_name,
krb5_ccache ccache,
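Review bot: In the server-side library, `kadm5_init_anonymous` is a plain forward to `kadm5_init` with a NULL password, and nothing in the visible wrapper marks the session as anonymous or restricts it. Since kadmin.c accepts `-n` and calls this symbol, a build linked against this library would presumably treat `-n` as an ordinary local initialization. A comment above the function, such as `/* Local library: no anonymous semantics; equivalent to kadm5_init() with no password. */`, would keep callers from assuming reduced privilege. If `kadm5_init` rejects a NULL `pass` (not visible here), the wrapper always fails and that should be documented instead.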