[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kinit 524 conversion only
Earlier Chris Chiappa provided a patch which makes kinit -4 -R work; For
simplicity this patch includes that one, and also adds --524convert
--524convert is basically take an existing v5 ticket and convert; Don't
prompt me for a password, don't renew, and don't validate, and that's
exactly how it's implemented
The lack of k524init got annoying because I kept trying to use it and
losing.
-D
--- /usr/tmp/heimdal/sandbox/heimdal/kuser/kinit.c Sat Mar 17 03:01:37 2001
+++ /usr/tmp/kinit.c Sat Mar 24 14:20:42 2001
@@ -164,6 +164,7 @@
int renewable_flag = -1;
int renew_flag = 0;
int validate_flag = 0;
+int convert_flag = 0;
int version_flag = 0;
int help_flag = 0;
int addrs_flag = 1;
@@ -189,6 +190,9 @@
{ "afslog", 0 , arg_flag, &do_afslog,
"obtain afs tokens" },
+
+ { "524convert", 0 , arg_flag, &convert_flag,
+ "convert existing TGT to version 4" },
#endif
{ "cache", 'c', arg_string, &cred_cache,
"credentials cache", "cachename" },
@@ -252,18 +256,47 @@
exit (ret);
}
+static void
+convert_524(krb5_context context,
+ krb5_ccache cache,
+ krb5_creds *creds)
+{
+ CREDENTIALS c;
+ int tret, cret;
+
+ if(!get_v4_tgt)
+ return;
+
+ cret = krb524_convert_creds_kdc(context, cache, creds, &c);
+ if(cret)
+ krb5_warn(context, cret, "converting creds");
+ else
+ {
+ tret = tf_setup(&c, c.pname, c.pinst);
+ if(tret)
+ warnx("saving v4 creds: %s", krb_get_err_text(tret));
+ }
+ memset(&c, 0, sizeof(c));
+
+ return;
+}
+
static int
-renew_validate(krb5_context context,
- int renew,
- int validate,
- krb5_ccache cache,
- const char *server,
- krb5_deltat life)
+renew_validate_convert(krb5_context context,
+ int renew,
+ int validate,
+ int convert,
+ krb5_ccache cache,
+ const char *server,
+ krb5_deltat life)
{
krb5_error_code ret;
krb5_creds in, *out;
krb5_kdc_flags flags;
+ if (convert)
+ get_v4_tgt=1;
+
memset(&in, 0, sizeof(in));
ret = krb5_cc_get_principal(context, cache, &in.client);
@@ -298,7 +331,7 @@
flags.b.request_anonymous = anonymous_flag;
if(life)
in.times.endtime = time(NULL) + life;
-
+
ret = krb5_get_kdc_cred(context,
cache,
flags,
@@ -317,6 +350,14 @@
goto out;
}
ret = krb5_cc_store_cred(context, cache, out);
+#ifdef KRB4
+ if(!ret) {
+ convert_524(context, cache, out);
+
+ if(do_afslog && k_hasafs())
+ krb5_afslog(context, cache, NULL, NULL);
+ }
+#endif
krb5_free_creds (context, out);
if(ret) {
krb5_warn(context, ret, "krb5_cc_store_cred");
@@ -409,9 +450,10 @@
ticket_life = tmp;
}
- if(renew_flag || validate_flag) {
- ret = renew_validate(context, renew_flag, validate_flag,
- ccache, server, ticket_life);
+ if(renew_flag || validate_flag || convert_flag) {
+ ret = renew_validate_convert(context, renew_flag, validate_flag,
+ convert_flag, ccache, server,
+ ticket_life);
exit(ret != 0);
}
@@ -564,11 +606,15 @@
#ifdef KRB4
if(get_v4_tgt) {
CREDENTIALS c;
+ int tret;
ret = krb524_convert_creds_kdc(context, ccache, &cred, &c);
if(ret)
krb5_warn(context, ret, "converting creds");
- else
- tf_setup(&c, c.pname, c.pinst);
+ else {
+ tret = tf_setup(&c, c.pname, c.pinst);
+ if(tret)
+ warnx("saving v4 creds: %s", krb_get_err_text(tret));
+ }
memset(&c, 0, sizeof(c));
}
if(do_afslog && k_hasafs())
- References:
- kinit -4 -R
- From: Chris Chiappa <griffon+heimdal-discuss@snurgle.org>