author | Ben Kaduk <kaduk@mit.edu> | 2012-07-10 10:14:52 -0400 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2013-11-04 13:51:14 -0500 |
commit | 29dee7d2cece615bec4616fa9b727e77210051db (patch) | |
tree | ff7e66cc2638a317144e75d99ec7006dd50d7df1 /src/lib/krb5 | |
parent | 0415740bb569bad53b18f4483837e7e037f88544 (diff) | |
Avoid deprecated krb5_get_in_tkt_with_keytab
The kprop code has been pretty unloved, and uses some routines that
are marked as deprecated (which show up as warnings in the build log).
Use the documented replacement for krb5_get_in_tkt_with_keytab,
krb5_get_init_creds_keytab, instead. As a bonus, there is no longer
a side effect of a credentials cache that needs to be destroyed.
The also-deprecated function krb5_get_in_tkt_with_skey was backending
to it when no keyblock was passed in; we can unroll the call to
krb5_get_init_creds_keytab ourselves as the documented workaround.
While here, improve style compliance with regards to cleanup.
The setkey test just wants to know whether it can use the key it
just put into a keytab to get credentials; as such the recommended
krb5_get_init_creds_keytab is quite sufficient.
While here, use that interface to request the particular enctype
as well, reducing the scope of an XXX comment.
ticket: 6366
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/krb/in_tkt_sky.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index b11e694ddd..7a8922623c 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -78,23 +78,29 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
 int use_master = 0;
 krb5_get_init_creds_opt *opts = NULL;
+ retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+ pre_auth_types, creds);
+ if (retval)
+ return retval;
+
+ retval = krb5_get_init_creds_opt_set_out_ccache(context, opts, ccache);
+ if (retval)
+ goto cleanup;
+
 #ifndef LEAN_CLIENT
 if (key == NULL) {
- return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
- pre_auth_types, NULL, ccache,
- creds, ret_as_reply);
+ retval = krb5_get_init_creds_keytab(context, creds, creds->client,
+ NULL /* keytab */,
+ creds->times.starttime,
+ NULL /* in_tkt_service */,
+ opts);
+ goto cleanup;
 }
 #endif /* LEAN_CLIENT */
- retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
- pre_auth_types, creds);
- if (retval)
- return retval;
 retval = krb5_unparse_name(context, creds->server, &server);
- if (retval) {
- krb5_get_init_creds_opt_free(context, opts);
- return retval;
- }
+ if (retval)
+ goto cleanup;
 server_princ = creds->server;
 client_princ = creds->client;
 retval = k5_get_init_creds(context, creds, creds->client,
@@ -102,15 +108,13 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
 get_as_key_skey, (void *)key, &use_master, ret_as_reply);
 krb5_free_unparsed_name(context, server);
- krb5_get_init_creds_opt_free(context, opts);
 if (retval)
- return retval;
+ goto cleanup;
 krb5_free_principal( context, creds->server);
 krb5_free_principal( context, creds->client);
 creds->client = client_princ;
 creds->server = server_princ;
- /* store it in the ccache! */
- if (ccache)
- retval = krb5_cc_store_cred(context, ccache, creds);
+cleanup:
+ krb5_get_init_creds_opt_free(context, opts);
 return retval;
 } |
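Review bot: In the `key == NULL` branch of the first hunk, `ret_as_reply` is no longer written: the removed `krb5_get_in_tkt_with_keytab` call received it, while the new `krb5_get_init_creds_keytab` call is not given it. A caller that passes a non-NULL `ret_as_reply` and later reads or frees it would then act on whatever the pointer held before the call; setting it first, `if (ret_as_reply != NULL) *ret_as_reply = NULL;`, makes that path defined. The same branch passes `NULL /* in_tkt_service */`, so `creds->server` appears to be ignored there even though the keyed path below still unparses and requests it; a short comment saying this is intended would help. The function begins above this hunk and continues past it.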
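Review bot: With the explicit `krb5_cc_store_cred` removed at the end of the second hunk, writing to `ccache` depends entirely on the out-ccache option set in the first hunk, which changes when and what is stored. The old code stored `creds` only after `creds->client` and `creds->server` had been put back to the caller's saved principals, and it added to whatever cache the caller supplied. The option presumably stores from inside `k5_get_init_creds`, before that swap, and may initialize the cache first, which would discard entries already there; this is worth confirming against the init-creds code before callers rely on it. A comment above the label, such as `/* ccache is written via the out_ccache option set above, not here */`, would keep a later reader from re-adding the store. The function starts outside this hunk.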