authorGreg Hudson <ghudson@mit.edu>2011-04-08 16:50:13 +0000
committerGreg Hudson <ghudson@mit.edu>2011-04-08 16:50:13 +0000
commitd6e26457b71c41531a500965cd6eb67c00bda1c3 (patch)
tree5266ace706c67baf32ec64e2484d50f04f18670c /src/lib/krb5/keytab
parentb7208a8261ed15d9e3136c75ce7c252d9717effb (diff)
Add k5_kt_get_principal, an internal krb5 interface to try to get a
principal name from a keytab. Used currently by vfy_increds.c (in place of its static helper); will also be used when querying the name of the default gss-krb5 acceptor cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24859 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/keytab')
-rw-r--r--src/lib/krb5/keytab/ktfns.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
index a06689c4dc..53d0b83648 100644
--- a/src/lib/krb5/keytab/ktfns.c
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -97,4 +97,36 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
{
return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
}
+
+/*
+ * In a couple of places we need to get a principal name from a keytab: when
+ * verifying credentials against a keytab, and when querying the name of a
+ * default GSS acceptor cred. Keytabs do not have the concept of a default
+ * principal like ccaches do, so for now we just return the first principal
+ * listed in the keytab, or an error if it's not iterable. In the future we
+ * could consider elevating this to a public API and giving keytab types an
+ * operation to return a default principal, and maybe extending the file format
+ * and tools to support it. Returns KRB5_KT_NOTFOUND if the keytab is empty
+ * or non-iterable.
+ */
+krb5_error_code
+k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
+ krb5_principal *princ_out)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kte;
+
+ *princ_out = NULL;
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret)
+ return KRB5_KT_NOTFOUND;
+ ret = krb5_kt_next_entry(context, keytab, &kte, &cursor);
+ (void)krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret)
+ return (ret == KRB5_KT_END) ? KRB5_KT_NOTFOUND : ret;
+ ret = krb5_copy_principal(context, kte.principal, princ_out);
+ krb5_kt_free_entry(context, &kte);
+ return ret;
+}
#endif /* LEAN_CLIENT */
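Review bot: Every failure of `krb5_kt_start_seq_get` is rewritten to `KRB5_KT_NOTFOUND` at `if (ret) return KRB5_KT_NOTFOUND;`, so a keytab that cannot be opened (permissions, I/O error, allocation failure) becomes indistinguishable from an empty one. The commit message says vfy_increds.c uses this helper while verifying credentials, so a caller that reads "not found" as "no keytab configured" could skip a check that should have failed; this is inferred, since the caller is not in this hunk. Consider passing through errors other than the expected non-iterable case, or at least extending the header comment with `Failures to open the keytab are also reported as KRB5_KT_NOTFOUND; callers must not treat that code as proof the keytab is absent.` Separately, if `krb5_kt_start_seq_get` dispatches through `krb5_x` the way `krb5_kt_end_seq_get` does in the context lines, a keytab type with no `start_seq_get` operation may not come back with an error code at all, so an explicit `if (keytab->ops->start_seq_get == NULL) return KRB5_KT_NOTFOUND;` before the call would make the documented "non-iterable" case hold.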