Diffstat (limited to 'src/clients/kinit/kinit.c')
-rw-r--r-- | src/clients/kinit/kinit.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 58ebec1323..e2a0f089b3 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -122,6 +122,9 @@ struct k_opts int num_pa_opts; krb5_gic_opt_pa_data *pa_opts; + + int canonicalize; + int enterprise; }; struct k5_data @@ -145,6 +148,8 @@ struct option long_options[] = { { "forwardable", 0, NULL, 'f' }, { "proxiable", 0, NULL, 'p' }, { "noaddresses", 0, NULL, 'A' }, + { "canonicalize", 0, NULL, 'C' }, + { "enterprise", 0, NULL, 'E' }, { NULL, 0, NULL, 0 } }; @@ -159,15 +164,19 @@ usage() #define USAGE_BREAK "\n\t" #ifdef GETOPT_LONG -#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable" -#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable" -#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" +#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable" +#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable" +#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" +#define USAGE_LONG_CANONICALIZE " | --canonicalize" +#define USAGE_LONG_ENTERPRISE " | --enterprise" #define USAGE_BREAK_LONG USAGE_BREAK #else -#define USAGE_LONG_FORWARDABLE "" -#define USAGE_LONG_PROXIABLE "" -#define USAGE_LONG_ADDRESSES "" -#define USAGE_BREAK_LONG "" +#define USAGE_LONG_FORWARDABLE "" +#define USAGE_LONG_PROXIABLE "" +#define USAGE_LONG_ADDRESSES "" +#define USAGE_LONG_CANONICALIZE "" +#define USAGE_LONG_ENTERPRISE "" +#define USAGE_BREAK_LONG "" #endif fprintf(stderr, "Usage: %s [-V] " @@ -179,6 +188,10 @@ usage() "[-p | -P" USAGE_LONG_PROXIABLE "] " USAGE_BREAK_LONG "[-a | -A" USAGE_LONG_ADDRESSES "] " + USAGE_BREAK_LONG + "[-C" USAGE_LONG_CANONICALIZE "] " + USAGE_BREAK + "[-E" USAGE_LONG_ENTERPRISE "] " USAGE_BREAK "[-v] [-R] " "[-k [-t keytab_file]] " 
@@ -202,6 +215,8 @@ usage() fprintf(stderr, "\t-A do not include addresses\n"); fprintf(stderr, "\t-v validate\n"); fprintf(stderr, "\t-R renew\n"); + fprintf(stderr, "\t-C canonicalize\n"); + fprintf(stderr, "\t-E client is enterprise principal name\n"); fprintf(stderr, "\t-k use keytab\n"); fprintf(stderr, "\t-t filename of keytab to use\n"); fprintf(stderr, "\t-c Kerberos 5 cache name\n"); @@ -263,7 +278,7 @@ parse_options(argc, argv, opts) int errflg = 0; int i; - while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:")) + while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:CE")) != -1) { switch (i) { case 'V': @@ -355,6 +370,12 @@ parse_options(argc, argv, opts) errflg++; } break; + case 'C': + opts->canonicalize = 1; + break; + case 'E': + opts->enterprise = 1; + break; case '4': fprintf(stderr, "Kerberos 4 is no longer supported\n"); exit(3); @@ -403,6 +424,7 @@ k5_begin(opts, k5) struct k5_data* k5; { krb5_error_code code = 0; + int flags = opts->enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0; code = krb5_init_context(&k5->ctx); if (code) { @@ -430,8 +452,8 @@ k5_begin(opts, k5) if (opts->principal_name) { /* Use specified name */ - if ((code = krb5_parse_name(k5->ctx, opts->principal_name, - &k5->me))) { + if ((code = krb5_parse_name_flags(k5->ctx, opts->principal_name, + flags, &k5->me))) { com_err(progname, code, "when parsing name %s", opts->principal_name); return 0; @@ -461,8 +483,8 @@ k5_begin(opts, k5) fprintf(stderr, "Unable to identify user\n"); return 0; } - if ((code = krb5_parse_name(k5->ctx, name, - &k5->me))) + if ((code = krb5_parse_name_flags(k5->ctx, name, + flags, &k5->me))) { com_err(progname, code, "when parsing name %s", name); 
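Review bot: The new help line `\t-C canonicalize` in usage() does not say what is canonicalized, and nothing tells the user that the option can change which principal the credential cache is created under. Another hunk of this commit initializes the cache with `my_creds.client` instead of `k5->me` when the flag is set, so the name in the cache may differ from the one typed on the command line. Something like `fprintf(stderr, "\t-C canonicalize client principal name (cache may use the returned name)\n");` would make that visible. usage() starts and ends outside this hunk.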
@@ -549,6 +571,8 @@ k5_kinit(opts, k5) krb5_get_init_creds_opt_set_proxiable(options, 1); if (opts->not_proxiable) krb5_get_init_creds_opt_set_proxiable(options, 0); + if (opts->canonicalize) + krb5_get_init_creds_opt_set_canonicalize(options, 1); if (opts->addresses) { krb5_address **addresses = NULL; @@ -631,7 +655,8 @@ k5_kinit(opts, k5) goto cleanup; } - code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me); + code = krb5_cc_initialize(k5->ctx, k5->cc, + opts->canonicalize ? my_creds.client : k5->me); if (code) { com_err(progname, code, "when initializing cache %s", opts->k5_cache_name?opts->k5_cache_name:""); |
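Review bot: In the `krb5_cc_initialize` call of the last hunk, the cache principal follows the returned credential only when `-C` was given, so `-E` without `-C` still initializes the cache as `k5->me`, the enterprise-form name parsed in k5_begin. If the library resolves enterprise names to a different client principal on its own (not visible on this page), the stored credential's client would not match the cache's default principal. Consider `(opts->canonicalize || opts->enterprise) ? my_creds.client : k5->me`. Since that name comes from the reply rather than from the user, it would also help to print it when it differs from the requested principal, for example under the existing `-V` option if that is the verbose switch. k5_kinit's body starts and ends outside the hunk.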