authorBen Kaduk <kaduk@mit.edu>2012-07-10 10:14:52 -0400
committerBen Kaduk <kaduk@mit.edu>2013-11-04 13:51:14 -0500
commit29dee7d2cece615bec4616fa9b727e77210051db (patch)
treeff7e66cc2638a317144e75d99ec7006dd50d7df1 /src/slave
parent0415740bb569bad53b18f4483837e7e037f88544 (diff)
Avoid deprecated krb5_get_in_tkt_with_keytab
The kprop code has been pretty unloved, and uses some routines that are marked as deprecated (which show up as warnings in the build log). Use the documented replacement for krb5_get_in_tkt_with_keytab, krb5_get_init_creds_keytab, instead. As a bonus, there is no longer a side effect of a credentials cache that needs to be destroyed. The also-deprecated function krb5_get_in_tkt_with_skey was backending to it when no keyblock was passed in; we can unroll the call to krb5_get_init_creds_keytab ourselves as the documented workaround. While here, improve style compliance with regards to cleanup. The setkey test just wants to know whether it can use the key it just put into a keytab to get credentials; as such the recommended krb5_get_init_creds_keytab is quite sufficient. While here, use that interface to request the particular enctype as well, reducing the scope of an XXX comment. ticket: 6366
Diffstat (limited to 'src/slave')
-rw-r--r--src/slave/kprop.c34
1 files changed, 13 insertions, 21 deletions
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index b668147dc1..f1fcc21a77 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -188,9 +188,10 @@ void get_tickets(context)
krb5_context context;
{
char const ccname[] = "MEMORY:kpropcc";
- char *def_realm;
+ char *def_realm, *server;
krb5_error_code retval;
krb5_keytab keytab = NULL;
+ krb5_principal server_princ = NULL;
/*
* Figure out what tickets we'll be using to send stuff
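Review bot: `server` is declared without an initializer on the changed declaration line, while `keytab` and the new `server_princ` beside it start as NULL. The last hunk passes `server` to `krb5_free_unparsed_name` unconditionally, which is only safe because every failure path visible between here and there calls `exit(1)`. Initialising it, `char *def_realm, *server = NULL;`, keeps the cleanup well defined if one of those paths is later turned into a jump to shared cleanup. The body of get_tickets continues outside this hunk.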
@@ -253,19 +254,17 @@ void get_tickets(context)
memset(&creds, 0, sizeof(creds));
retval = krb5_sname_to_principal(context,
slave_host, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, &creds.server);
+ KRB5_NT_SRV_HST, &server_princ);
if (retval) {
com_err(progname, errno, _("while setting server principal name"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
}
- if (realm) {
- retval = krb5_set_principal_realm(context, creds.server, realm);
- if (retval) {
- com_err(progname, errno,
- _("while setting server principal realm"));
- exit(1);
- }
+ retval = krb5_unparse_name_flags(context, server_princ,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
+ if (retval) {
+ com_err(progname, retval, _("while unparsing server name"));
+ exit(1);
}
/*
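Review bot: The removed block applied `realm` to the server principal and nothing in this hunk replaces it: the name is unparsed with `KRB5_PRINCIPAL_UNPARSE_NO_REALM`, so the realm of the kprop service is no longer stated here. When `server` is later passed as the in_tkt_service argument of `krb5_get_init_creds_keytab`, the library should take the service realm from the client principal, so the result is only equivalent if `my_principal` (built outside this hunk) already carries `realm`. That assumption deserves a comment, for example `/* No realm in server: the service realm follows my_principal's realm. */`. Separately, the `krb5_sname_to_principal` failure branch just above still reports `errno` where the new branch correctly reports `retval`; `com_err(progname, retval, _("while setting server principal name"));` would make the two agree.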
@@ -286,10 +285,10 @@ void get_tickets(context)
}
}
- retval = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL,
- NULL, keytab, ccache, &creds, 0);
+ retval = krb5_get_init_creds_keytab(context, &creds, my_principal,
+ keytab, 0, server, NULL);
if (retval) {
- com_err(progname, retval, _("while getting initial ticket\n"));
+ com_err(progname, retval, _("while getting initial credentials\n"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
}
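Review bot: The failure branch still calls `krb5_cc_destroy(context, ccache)`, although `krb5_get_init_creds_keytab` is not given `ccache` and writes the credentials straight into `creds`. If `ccache` is still resolved from `ccname` earlier in get_tickets (not visible in these hunks), the last hunk removes the only destroy on the success path and the handle is never released. If it is no longer resolved, this call and the one in the `krb5_sname_to_principal` branch of the previous hunk operate on a handle that was never set up. Either way the cache handling should be made consistent, by dropping `ccname`/`ccache` and the remaining `krb5_cc_destroy` calls or by keeping a destroy on the success path. The trailing `\n` in the changed message is also redundant if com_err ends the line itself, as its default handler does.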
@@ -297,15 +296,8 @@ void get_tickets(context)
if (keytab)
(void) krb5_kt_close(context, keytab);
- /*
- * Now destroy the cache right away --- the credentials we
- * need will be in my_creds.
- */
- retval = krb5_cc_destroy(context, ccache);
- if (retval) {
- com_err(progname, retval, _("while destroying ticket cache"));
- exit(1);
- }
+ krb5_free_unparsed_name(context, server);
+ krb5_free_principal(context, server_princ);
}
static void