diff options
author | Tom Yu <tlyu@mit.edu> | 2007-01-30 21:38:47 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2007-01-30 21:38:47 +0000 |
commit | 1f857634ae3b549e8c328727adbdaa9e9f403d4f (patch) | |
tree | b844c1d94274f80180c4c439d1a2bdf75115be08 /src/clients/kpasswd | |
parent | ebcf51877b1a69217830ebfe4047bc8a27fe4436 (diff) | |
download | krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.zip krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.tar.gz krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.tar.bz2 |
get_init_creds_opt extensibility
r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500
First cut at making the get_init_creds_opt structure extendable
and adding library functions to set options for preauthentication
plugins.
This does *not* include a compatibility function to work like
Heimdal's krb5_get_init_creds_opt_set_pkinit() function.
Hopefully, the test code that doesn't belong in kinit.c is
obvious.
r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500
Remove extra "user_id" parameter.
Add function which duplicates the Heimdal interface (if we can agree on
what the matching attribute names should be).
r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500
Update to use the simplified interface for krb5_get_init_creds_opt_set_pa()
Add code in kinit to process "-X" options as preauth options and pass
them along.
r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500
Move prototypes for get_init_creds_opt_get_pa() and
krb5_get_init_creds_opt_free_pa() into the
preauth_plugin.h header rather than krb5.hin.
ticket: new
status: open
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/kpasswd')
-rw-r--r-- | src/clients/kpasswd/kpasswd.c | 22 | ||||
-rw-r--r-- | src/clients/kpasswd/ksetpwd.c | 23 |
2 files changed, 28 insertions, 17 deletions
diff --git a/src/clients/kpasswd/kpasswd.c b/src/clients/kpasswd/kpasswd.c index 95e33ff..204a8bf 100644 --- a/src/clients/kpasswd/kpasswd.c +++ b/src/clients/kpasswd/kpasswd.c @@ -49,7 +49,7 @@ int main(int argc, char *argv[]) krb5_principal princ; char *pname; krb5_ccache ccache; - krb5_get_init_creds_opt opts; + krb5_get_init_creds_opt *opts = NULL; krb5_creds creds; char pw[1024]; @@ -102,26 +102,31 @@ int main(int argc, char *argv[]) get_name_from_passwd_file(argv[0], context, &princ); } - krb5_get_init_creds_opt_init(&opts); - krb5_get_init_creds_opt_set_tkt_life(&opts, 5*60); - krb5_get_init_creds_opt_set_renew_life(&opts, 0); - krb5_get_init_creds_opt_set_forwardable(&opts, 0); - krb5_get_init_creds_opt_set_proxiable(&opts, 0); + if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) { + com_err(argv[0], ret, "allocating krb5_get_init_creds_opt"); + exit(1); + } + krb5_get_init_creds_opt_set_tkt_life(opts, 5*60); + krb5_get_init_creds_opt_set_renew_life(opts, 0); + krb5_get_init_creds_opt_set_forwardable(opts, 0); + krb5_get_init_creds_opt_set_proxiable(opts, 0); if ((ret = krb5_get_init_creds_password(context, &creds, princ, NULL, krb5_prompter_posix, NULL, - 0, "kadmin/changepw", &opts))) { + 0, "kadmin/changepw", opts))) { if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) com_err(argv[0], 0, "Password incorrect while getting initial ticket"); else com_err(argv[0], ret, "getting initial ticket"); + krb5_get_init_creds_opt_free(context, opts); exit(1); } pwlen = sizeof(pw); if ((ret = krb5_read_password(context, P1, P2, pw, &pwlen))) { com_err(argv[0], ret, "while reading password"); + krb5_get_init_creds_opt_free(context, opts); exit(1); } @@ -129,6 +134,7 @@ int main(int argc, char *argv[]) &result_code, &result_code_string, &result_string))) { com_err(argv[0], ret, "changing password"); + krb5_get_init_creds_opt_free(context, opts); exit(1); } @@ -138,6 +144,7 @@ int main(int argc, char *argv[]) result_string.length?": ":"", (int) result_string.length, result_string.data ? result_string.data : ""); + krb5_get_init_creds_opt_free(context, opts); exit(2); } @@ -145,6 +152,7 @@ int main(int argc, char *argv[]) free(result_string.data); if (result_code_string.data != NULL) free(result_code_string.data); + krb5_get_init_creds_opt_free(context, opts); printf("Password changed.\n"); exit(0); diff --git a/src/clients/kpasswd/ksetpwd.c b/src/clients/kpasswd/ksetpwd.c index 148e686..2eec397 100644 --- a/src/clients/kpasswd/ksetpwd.c +++ b/src/clients/kpasswd/ksetpwd.c @@ -34,8 +34,6 @@ static void get_init_creds_opt_init( krb5_get_init_creds_opt *outOptions ) { krb5_preauthtype preauth[] = { KRB5_PADATA_ENC_TIMESTAMP }; krb5_enctype etypes[] = {ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_CRC}; - memset( outOptions, 0, sizeof(*outOptions) ); - krb5_get_init_creds_opt_init(outOptions); krb5_get_init_creds_opt_set_address_list(outOptions, NULL); krb5_get_init_creds_opt_set_etype_list( outOptions, etypes, sizeof(etypes)/sizeof(krb5_enctype) ); krb5_get_init_creds_opt_set_preauth_list(outOptions, preauth, sizeof(preauth)/sizeof(krb5_preauthtype) ); @@ -128,17 +126,21 @@ static kbrccache_t userinitcontext( } if( kres != 0 || have_credentials == 0 ) { - krb5_get_init_creds_opt options; - get_init_creds_opt_init(&options); + krb5_get_init_creds_opt *options = NULL; + kres = krb5_get_init_creds_opt_alloc(kcontext, &options); + if ( kres == 0 ) + { + get_init_creds_opt_init(options); /* ** no valid credentials - get new ones */ - kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass, - NULL /*prompter*/, - NULL /*data*/, - 0 /*starttime*/, - 0 /*in_tkt_service*/, - &options /*options*/ ); + kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass, + NULL /*prompter*/, + NULL /*data*/, + 0 /*starttime*/, + 0 /*in_tkt_service*/, + options /*options*/ ); + } if( kres == 0 ) { if( numCreds <= 0 ) @@ -148,6 +150,7 @@ static kbrccache_t userinitcontext( if( kres == 0 ) have_credentials = 1; } + krb5_get_init_creds_opt_free(kcontext, options); } #ifdef NOTUSED if( have_credentials ) |