summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/kadm5/unit-test/setkey-test.c22
-rw-r--r--src/lib/krb5/krb/in_tkt_sky.c36
-rw-r--r--src/slave/kprop.c34
3 files changed, 46 insertions, 46 deletions
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index c1b9c5d1f..4da236e09 100644
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -63,6 +63,7 @@ main(int argc, char **argv)
krb5_keytab_entry ktent;
krb5_encrypt_block eblock;
krb5_creds my_creds;
+ krb5_get_init_creds_opt *opt;
kadm5_principal_ent_rec princ_ent;
krb5_principal princ, server;
char pw[16];
@@ -138,8 +139,8 @@ main(int argc, char **argv)
* For each enctype in the test, construct a random password/key.
* Assign all keys to principal with kadm5_setkey_principal. Add
* each key to the keytab, and acquire an initial ticket with the
- * keytab (XXX can I specify the enctype & kvno explicitly?). If
- * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
+ * keytab (XXX can I specify the kvno explicitly?). If
+ * krb5_get_init_creds_keytab succeeds, then the keys were set
* successfully.
*/
for (test = 0; tests[test] != NULL; test++) {
@@ -191,13 +192,16 @@ main(int argc, char **argv)
my_creds.server = server;
ktypes[0] = testp[encnum].enctype;
- ret = krb5_get_in_tkt_with_keytab(context,
- 0 /* options */,
- NULL /* addrs */,
- ktypes,
- NULL /* preauth */,
- kt, 0,
- &my_creds, 0);
+ ret = krb5_get_init_creds_opt_allocate(context, &opt);
+ if (ret) {
+ com_err(whoami, ret, "while allocating gic opts");
+ exit(1);
+ }
+ krb5_get_init_creds_opt_set_etype_list(opt, ktypes, 1);
+ ret = krb5_get_init_creds_keytab(context, &my_creds, princ,
+ kt, 0, NULL /* in_tkt_service */,
+ opt);
+ krb5_get_init_creds_opt_free(context, opt);
if (ret) {
com_err(whoami, ret, "while acquiring initial ticket");
exit(1);
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index b11e694dd..7a8922623 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -78,23 +78,29 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
int use_master = 0;
krb5_get_init_creds_opt *opts = NULL;
+ retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+ pre_auth_types, creds);
+ if (retval)
+ return retval;
+
+ retval = krb5_get_init_creds_opt_set_out_ccache(context, opts, ccache);
+ if (retval)
+ goto cleanup;
+
#ifndef LEAN_CLIENT
if (key == NULL) {
- return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
- pre_auth_types, NULL, ccache,
- creds, ret_as_reply);
+ retval = krb5_get_init_creds_keytab(context, creds, creds->client,
+ NULL /* keytab */,
+ creds->times.starttime,
+ NULL /* in_tkt_service */,
+ opts);
+ goto cleanup;
}
#endif /* LEAN_CLIENT */
- retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
- pre_auth_types, creds);
- if (retval)
- return retval;
retval = krb5_unparse_name(context, creds->server, &server);
- if (retval) {
- krb5_get_init_creds_opt_free(context, opts);
- return retval;
- }
+ if (retval)
+ goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
retval = k5_get_init_creds(context, creds, creds->client,
@@ -102,15 +108,13 @@ krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
get_as_key_skey, (void *)key, &use_master,
ret_as_reply);
krb5_free_unparsed_name(context, server);
- krb5_get_init_creds_opt_free(context, opts);
if (retval)
- return retval;
+ goto cleanup;
krb5_free_principal( context, creds->server);
krb5_free_principal( context, creds->client);
creds->client = client_princ;
creds->server = server_princ;
- /* store it in the ccache! */
- if (ccache)
- retval = krb5_cc_store_cred(context, ccache, creds);
+cleanup:
+ krb5_get_init_creds_opt_free(context, opts);
return retval;
}
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index b668147dc..f1fcc21a7 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -188,9 +188,10 @@ void get_tickets(context)
krb5_context context;
{
char const ccname[] = "MEMORY:kpropcc";
- char *def_realm;
+ char *def_realm, *server;
krb5_error_code retval;
krb5_keytab keytab = NULL;
+ krb5_principal server_princ = NULL;
/*
* Figure out what tickets we'll be using to send stuff
@@ -253,19 +254,17 @@ void get_tickets(context)
memset(&creds, 0, sizeof(creds));
retval = krb5_sname_to_principal(context,
slave_host, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, &creds.server);
+ KRB5_NT_SRV_HST, &server_princ);
if (retval) {
com_err(progname, errno, _("while setting server principal name"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
}
- if (realm) {
- retval = krb5_set_principal_realm(context, creds.server, realm);
- if (retval) {
- com_err(progname, errno,
- _("while setting server principal realm"));
- exit(1);
- }
+ retval = krb5_unparse_name_flags(context, server_princ,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
+ if (retval) {
+ com_err(progname, retval, _("while unparsing server name"));
+ exit(1);
}
/*
@@ -286,10 +285,10 @@ void get_tickets(context)
}
}
- retval = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL,
- NULL, keytab, ccache, &creds, 0);
+ retval = krb5_get_init_creds_keytab(context, &creds, my_principal,
+ keytab, 0, server, NULL);
if (retval) {
- com_err(progname, retval, _("while getting initial ticket\n"));
+ com_err(progname, retval, _("while getting initial credentials\n"));
(void) krb5_cc_destroy(context, ccache);
exit(1);
}
@@ -297,15 +296,8 @@ void get_tickets(context)
if (keytab)
(void) krb5_kt_close(context, keytab);
- /*
- * Now destroy the cache right away --- the credentials we
- * need will be in my_creds.
- */
- retval = krb5_cc_destroy(context, ccache);
- if (retval) {
- com_err(progname, retval, _("while destroying ticket cache"));
- exit(1);
- }
+ krb5_free_unparsed_name(context, server);
+ krb5_free_principal(context, server_princ);
}
static void
generated by cgit (git 2.34.1) at 2026-02-25 19:03:54 +0000