summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb/gic_keytab.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/krb5/krb/gic_keytab.c')
-rw-r--r--src/lib/krb5/krb/gic_keytab.c194
1 files changed, 97 insertions, 97 deletions
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 33db55278..ab064ebcd 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/gic_keytab.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
@@ -49,20 +50,20 @@ krb5_get_as_key_keytab(
a new one. */
if (as_key->length) {
- if (as_key->enctype == etype)
- return(0);
+ if (as_key->enctype == etype)
+ return(0);
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
}
if (!krb5_c_valid_enctype(etype))
- return(KRB5_PROG_ETYPE_NOSUPP);
+ return(KRB5_PROG_ETYPE_NOSUPP);
if ((ret = krb5_kt_get_entry(context, keytab, client,
- 0, /* don't have vno available */
- etype, &kt_ent)))
- return(ret);
+ 0, /* don't have vno available */
+ etype, &kt_ent)))
+ return(ret);
ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key);
@@ -78,93 +79,93 @@ krb5_get_as_key_keytab(
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_keytab(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_keytab arg_keytab,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *options)
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_keytab arg_keytab,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *options)
{
- krb5_error_code ret, ret2;
- int use_master;
- krb5_keytab keytab;
- krb5_gic_opt_ext *opte = NULL;
+ krb5_error_code ret, ret2;
+ int use_master;
+ krb5_keytab keytab;
+ krb5_gic_opt_ext *opte = NULL;
+
+ if (arg_keytab == NULL) {
+ if ((ret = krb5_kt_default(context, &keytab)))
+ return ret;
+ } else {
+ keytab = arg_keytab;
+ }
- if (arg_keytab == NULL) {
- if ((ret = krb5_kt_default(context, &keytab)))
- return ret;
- } else {
- keytab = arg_keytab;
- }
+ ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
+ "krb5_get_init_creds_keytab");
+ if (ret)
+ return ret;
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_keytab");
- if (ret)
- return ret;
+ use_master = 0;
- use_master = 0;
+ /* first try: get the requested tkt from any kdc */
- /* first try: get the requested tkt from any kdc */
+ ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_keytab, (void *) keytab,
+ &use_master,NULL);
- ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_keytab, (void *) keytab,
- &use_master,NULL);
+ /* check for success */
- /* check for success */
+ if (ret == 0)
+ goto cleanup;
- if (ret == 0)
- goto cleanup;
+ /* If all the kdc's are unavailable fail */
- /* If all the kdc's are unavailable fail */
+ if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
+ goto cleanup;
- if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
- goto cleanup;
+ /* if the reply did not come from the master kdc, try again with
+ the master kdc */
- /* if the reply did not come from the master kdc, try again with
- the master kdc */
+ if (!use_master) {
+ use_master = 1;
- if (!use_master) {
- use_master = 1;
+ ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_keytab, (void *) keytab,
+ &use_master, NULL);
- ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_keytab, (void *) keytab,
- &use_master, NULL);
-
- if (ret2 == 0) {
- ret = 0;
- goto cleanup;
- }
+ if (ret2 == 0) {
+ ret = 0;
+ goto cleanup;
+ }
- /* if the master is unreachable, return the error from the
- slave we were able to contact */
+ /* if the master is unreachable, return the error from the
+ slave we were able to contact */
- if ((ret2 == KRB5_KDC_UNREACH) ||
- (ret2 == KRB5_REALM_CANT_RESOLVE) ||
- (ret2 == KRB5_REALM_UNKNOWN))
- goto cleanup;
+ if ((ret2 == KRB5_KDC_UNREACH) ||
+ (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+ (ret2 == KRB5_REALM_UNKNOWN))
+ goto cleanup;
- ret = ret2;
- }
+ ret = ret2;
+ }
- /* at this point, we have a response from the master. Since we don't
- do any prompting or changing for keytabs, that's it. */
+ /* at this point, we have a response from the master. Since we don't
+ do any prompting or changing for keytabs, that's it. */
cleanup:
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
- if (arg_keytab == NULL)
- krb5_kt_close(context, keytab);
+ if (opte && krb5_gic_opt_is_shadowed(opte))
+ krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ if (arg_keytab == NULL)
+ krb5_kt_close(context, keytab);
- return(ret);
+ return(ret);
}
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- krb5_keytab arg_keytab, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ krb5_keytab arg_keytab, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
krb5_gic_opt_ext *opte;
@@ -172,49 +173,48 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
int use_master = 0;
-
+
retval = krb5int_populate_gic_opt(context, &opte,
- options, addrs, ktypes,
- pre_auth_types, creds);
+ options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
- return retval;
+ return retval;
if (arg_keytab == NULL) {
- retval = krb5_kt_default(context, &keytab);
- if (retval)
- return retval;
+ retval = krb5_kt_default(context, &keytab);
+ if (retval)
+ return retval;
}
else keytab = arg_keytab;
-
+
retval = krb5_unparse_name( context, creds->server, &server);
if (retval)
- goto cleanup;
+ goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opte,
+ krb5_get_as_key_keytab, (void *)keytab,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
if (retval) {
- goto cleanup;
+ goto cleanup;
}
krb5_free_principal(context, creds->server);
krb5_free_principal(context, creds->client);
- creds->client = client_princ;
- creds->server = server_princ;
-
+ creds->client = client_princ;
+ creds->server = server_princ;
+
/* store it in the ccache! */
if (ccache)
- if ((retval = krb5_cc_store_cred(context, ccache, creds)))
- goto cleanup;
- cleanup: if (arg_keytab == NULL)
- krb5_kt_close(context, keytab);
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ goto cleanup;
+cleanup: if (arg_keytab == NULL)
+ krb5_kt_close(context, keytab);
return retval;
}
#endif /* LEAN_CLIENT */
-
generated by cgit (git 2.34.1) at 2024-09-20 01:20:14 +0000