Re: Problem in output to a kinit process
Sanjay Upadhyay <sanjay@rastrabhasha.com> writes:
> Hi Herald,
> I am trying to make a program which automates a Linux Server to become
> a Member Server of Windows AD. This is done through a web
> interface. The Web Interface CGI code is long, However, the User
> enters details such as Username, Password and windows Domain, KDC etc.
> Everything is fine... I can create the krb5.conf file, as mentioned in
> the Samba-Howto. I can even get it a kerberos ticket manually. However
> when the part of my CGI code tries to automate the ticket requesting
> feature... I get an unusual situation where the kinit process keeps
> waiting for user input.. in my case the CGI program never sends the
> complete page, ie Error or success. Hence everything breaks. The Same
> Part of Code however works very well with RedHat, ie MIT kerberos
> library. I have come to know that kinit takes its input directly from
> tty, however I do not know how to implement that.
Here is a patch for current heimdal that will allow you to read the
password from any file descriptor.
With this patch you can do the equivalent of
echo password | kinit --password-fd=0 principal@REALM
in whatever language you prefer.
Love
--- kuser/kinit.1 23 Jun 2003 11:39:49 -0000 1.25
+++ kuser/kinit.1 15 Sep 2004 20:20:01 -0000
@@ -31,7 +31,7 @@
.\"
.\" $Id: kinit.1,v 1.25 2003/06/23 11:39:49 joda Exp $
.\"
-.Dd May 29, 1998
+.Dd September 15, 2004
.Dt KINIT 1
.Os HEIMDAL
.Sh NAME
@@ -81,6 +81,7 @@
.Fl -extra-addresses= Ns Ar addresses
.Xc
.Oc
+.Op Fl -password-fd= Ns Ar integer
.Op Fl -fcache-version= Ns Ar integer
.Op Fl A | Fl -no-addresses
.Op Fl -anonymous
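Review bot: the new synopsis line names the argument `integer` (`.Op Fl -password-fd= Ns Ar integer`), while the description added later in the same man page calls it `fd`. Use one name in both places; `fd` tells the reader more than `integer` does.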
@@ -184,6 +185,12 @@
.Xc
Request tickets with this particular enctype.
.It Xo
+.Fl -password-fd= Ns Ar fd
+.Xc
+Read the password from the file descriptor
+.Nm fd
+and close it when done.
+.It Xo
.Fl -fcache-version= Ns Ar version
.Xc
Create a credentials cache of version
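Review bot: `.Nm fd` in the new description uses the macro meant for the utility's own name; the argument should be marked up as `.Ar fd`, matching the `.Fl -password-fd= Ns Ar fd` line just above it. The text should also say that only the first line is read from the descriptor and that the trailing newline is dropped, since that is what the kinit.c change does and callers need to know the framing.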
--- kuser/kinit.c 14 May 2004 20:00:19 -0000 1.114
+++ kuser/kinit.c 15 Sep 2004 21:05:12 -0000
@@ -65,6 +65,7 @@
int do_afslog = -1;
int get_v4_tgt = -1;
int convert_524 = 0;
+int password_fd = -1;
int fcache_version;
char *pk_user_id = NULL;
char *pk_x509_anchors = NULL;
@@ -145,6 +146,9 @@
{ "request-pac", 0, arg_flag, &pac_flag,
"request a Windows PAC" },
+ { "password-fd", 0, arg_integer, &password_fd,
+ "pass in password on the numberd file descriptor" },
+
#ifdef PKINIT
{ "pk-user", 'C', arg_string, &pk_user_id,
"principal's public/private/certificate identifier",
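Review bot: typo in the help string of the new `password-fd` entry, "numberd" should be "numbered". Wording such as "read the password from this file descriptor" would also match the man page text more closely.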
@@ -548,18 +552,30 @@
krb5_get_init_creds_opt_free(opt);
return 0;
} else {
- char *p, *prompt;
+ if (password_fd != -1) {
+ FILE *f;
- krb5_unparse_name (context, principal, &p);
- asprintf (&prompt, "%s's Password: ", p);
- free (p);
-
- if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
- memset(passwd, 0, sizeof(passwd));
- exit(1);
+ f = fdopen(password_fd, "r");
+ if (f == NULL)
+ krb5_errx(context, 1, "Can't open password fd");
+
+ if (fgets(passwd, sizeof(passwd), f) == NULL)
+ krb5_errx(context, 1, "No password on password fd");
+ passwd[strcspn(passwd, "\n")] = '\0';
+ fclose(f);
+ } else {
+ char *p, *prompt;
+
+ krb5_unparse_name (context, principal, &p);
+ asprintf (&prompt, "%s's Password: ", p);
+ free (p);
+
+ if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+ memset(passwd, 0, sizeof(passwd));
+ exit(1);
+ }
+ free (prompt);
}
-
- free (prompt);
ret = krb5_get_init_creds_password (context,
&cred,
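Review bot: in the `password_fd` branch, `fgets(passwd, sizeof(passwd), f)` silently truncates a line longer than the buffer, and the shortened string is then used for the `krb5_get_init_creds_password` call that follows, so an over-long password fails as a wrong password instead of a clear error. Detect a full buffer with no newline and stop with `krb5_errx`. The stream from `fdopen` also keeps its own buffered copy of the password, which `fclose` releases without clearing; reading the descriptor with read(2) directly into `passwd`, or calling `setvbuf` to make the stream unbuffered before the `fgets`, avoids that second copy. The two `krb5_errx` exits leave `passwd` uncleared, unlike the prompt branch, which does `memset(passwd, 0, sizeof(passwd))` before `exit(1)`.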
PGP signature