3 files changed, 78 insertions, 7 deletions
diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog
index 85330fb888..75f9fa8529 100644
--- a/src/clients/kinit/ChangeLog
+++ b/src/clients/kinit/ChangeLog
@@ -1,3 +1,14 @@
+Sun Jul  7 15:21:58 1996  Ezra Peisach  <epeisach@kangaroo.mit.edu>
+
+	* kinit.M: Document -R option.
+
+	* kinit.c (krb5_tgt_gen): Code from krb5_validate_tgt() modified
+	to handle both renewal and validation of postdated tickets. 
+	(krb5_renew_tgt): Takes a credential cache with a tgt with the
+	"renewable flag" set and asks ths kdc to renew it. Cache is wiped
+	and only new tgt is stored.
+	(main): New option -R to renew tickets.
+
 Fri May  3 00:28:10 1996  Mark Eichin  <eichin@cygnus.com>
 
 	* kinit.c (krb5_validate_tgt): new function, takes a credential
diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M
index d9c70abda8..9d05b2d589 100644
--- a/src/clients/kinit/kinit.M
+++ b/src/clients/kinit/kinit.M
@@ -31,6 +31,8 @@ kinit \- obtain and cache Kerberos ticket-granting ticket
 .B \-s
 .I starttime
 ] [
+.B \-v
+] [
 .B \-p
 ] [
 .B \-f
@@ -38,6 +40,8 @@ kinit \- obtain and cache Kerberos ticket-granting ticket
 .B \-r
 .I rlife
 ] [
+.B \-R
+] [
 .B \-c
 .I cachename
 ]
@@ -58,7 +62,11 @@ The
 option specifies the start time, and causes you to get a postdated ticket. 
 Postdated tickets are issued with the 
 .I invalid
-flag set, and needs to be fed back to the kdc before use.
+flag set, and needs to be fed back to the kdc before use. This may be
+accomplished by using the 
+.B \-v
+option. 
+.PP
 The
 .B \-p
 option specifies that the PROXIABLE option should be requested for the
@@ -73,7 +81,11 @@ The
 .B \-r
 .I rlife
 option specifies that the RENEWABLE option should be requested for the
-ticket, and specifies the desired total lifetime of the ticket.
+ticket, and specifies the desired total lifetime of the ticket. To renew
+the ticket, the 
+.B \-R
+option is used. Note that you must renew the ticket before it has
+expired. 
 .PP
 The
 .B \-c
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index bb2109e0bf..555b1b8610 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -90,7 +90,7 @@ main(argc, argv)
     if (strrchr(argv[0], '/'))
 	argv[0] = strrchr(argv[0], '/')+1;
 
-    while ((option = getopt(argc, argv, "r:fpl:s:c:kt:v")) != EOF) {
+    while ((option = getopt(argc, argv, "r:Rfpl:s:c:kt:v")) != EOF) {
 	switch (option) {
 	case 'r':
 	    options |= KDC_OPT_RENEWABLE;
@@ -100,6 +100,10 @@ main(argc, argv)
 		errflg++;
 	    }
 	    break;
+	case 'R':
+	    /* renew the ticket */
+	    options |= KDC_OPT_RENEW;
+	    break;
 	case 'v':
 	    /* validate the ticket */
 	    options |= KDC_OPT_VALIDATE;
@@ -182,7 +186,7 @@ main(argc, argv)
     }
 
     if (errflg) {
-	fprintf(stderr, "Usage: %s [-r time] [-puf] [-l lifetime] [-c cachename] [-k] [-t keytab] [principal]\n", argv[0]);
+	fprintf(stderr, "Usage: %s [-r time] [-R] [-s time] [-v] [-puf] [-l lifetime] [-c cachename] [-k] [-t keytab] [principal]\n", argv[0]);
 	exit(2);
     }
 
@@ -284,6 +288,19 @@ main(argc, argv)
 	/* should be done... */
 	exit(0);
     }
+
+    if (options & KDC_OPT_RENEW) {
+        /* don't use get_in_tkt, just use mk_req... */
+        krb5_data outbuf;
+
+        code = krb5_renew_tgt(kcontext, ccache, server, &outbuf);
+	if (code) {
+	  com_err (argv[0], code, "renewing tgt");
+	  exit(1);
+	}
+	/* should be done... */
+	exit(0);
+    }
 #ifndef NO_KEYTAB
     if (!use_keytab)
 #endif
@@ -341,6 +358,9 @@ main(argc, argv)
     exit(0);
 }
 
+#define VALIDATE 0
+#define RENEW 1
+
 /* stripped down version of krb5_mk_req */
 krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf)
      krb5_context context;
@@ -348,6 +368,28 @@ krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf)
      krb5_principal	  server; /* tgtname */
      krb5_data *outbuf;
 {
+	return krb5_tgt_gen(context, ccache, server, outbuf, VALIDATE);
+}
+
+/* stripped down version of krb5_mk_req */
+krb5_error_code krb5_renew_tgt(context, ccache, server, outbuf)
+     krb5_context context;
+     krb5_ccache ccache;
+     krb5_principal	  server; /* tgtname */
+     krb5_data *outbuf;
+{
+	return krb5_tgt_gen(context, ccache, server, outbuf, RENEW);
+}
+
+
+/* stripped down version of krb5_mk_req */
+krb5_error_code krb5_tgt_gen(context, ccache, server, outbuf, opt)
+     krb5_context context;
+     krb5_ccache ccache;
+     krb5_principal	  server; /* tgtname */
+     krb5_data *outbuf;
+     int opt;
+{
     krb5_auth_context   * auth_context = 0;
     const krb5_flags      ap_req_options;
     krb5_data           * in_data;
@@ -364,9 +406,15 @@ krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf)
     if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
 	goto cleanup_creds;
 
-    if ((retval = krb5_get_credentials_validate(context, 0,
-						ccache, &creds, &credsp)))
-	goto cleanup_creds;
+    if(opt == VALIDATE) {
+	    if ((retval = krb5_get_credentials_validate(context, 0,
+							ccache, &creds, &credsp)))
+		    goto cleanup_creds;
+    } else {
+	    if ((retval = krb5_get_credentials_renew(context, 0,
+							ccache, &creds, &credsp)))
+		    goto cleanup_creds;
+    }
 
     /* we don't actually need to do the mk_req, just get the creds. */
 cleanup_creds: