krb5_keyblock *as_key, void *gak_data);
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_prompter_fct prompter,
- void *prompter_data, krb5_deltat start_time,
- char *in_tkt_service, krb5_gic_opt_ext *gic_options,
- krb5_gic_get_as_key_fct gak, void *gak_data,
- int *master, krb5_kdc_rep **as_reply);
+krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
+ krb5_principal client, krb5_prompter_fct prompter,
+ void *prompter_data, krb5_deltat start_time,
+ char *in_tkt_service, krb5_get_init_creds_opt *options,
+ krb5_gic_get_as_key_fct gak, void *gak_data,
+ int *master, krb5_kdc_rep **as_reply);
krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
krb5_flags options, krb5_address *const *addrs,
krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds);
}
krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_gic_opt_ext *options,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data,
- int *use_master,
- krb5_kdc_rep **as_reply)
+krb5int_get_init_creds(krb5_context context,
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *opts,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data,
+ int *use_master,
+ krb5_kdc_rep **as_reply)
{
krb5_error_code ret;
krb5_kdc_req request;
krb5_boolean retry = 0;
struct krb5int_fast_request_state *fast_state = NULL;
krb5_pa_data **out_padata = NULL;
-
+ krb5_gic_opt_ext *options = NULL;
/* initialize everything which will be freed at cleanup */
if (ret)
goto cleanup;
+ ret = krb5int_gic_opt_to_opte(context, opts, &options, 1,
+ "krb5int_get_init_creds");
+ if (ret)
+ goto cleanup;
+
/*
* Set up the basic request structure
*/
krb5_free_kdc_rep(context, local_as_reply);
if (referred_client.realm.data)
krb5_free_data_contents(context, &referred_client.realm);
+ if (krb5_gic_opt_is_shadowed(options)) {
+ krb5_get_init_creds_opt_free(context,
+ (krb5_get_init_creds_opt *)options);
+ }
return(ret);
}
krb5_error_code ret, ret2;
int use_master;
krb5_keytab keytab;
- krb5_gic_opt_ext *opte = NULL;
if (arg_keytab == NULL) {
if ((ret = krb5_kt_default(context, &keytab)))
keytab = arg_keytab;
}
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_keytab");
- if (ret)
- return ret;
-
use_master = 0;
/* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master,NULL);
+ ret = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master,NULL);
/* check for success */
if (!use_master) {
use_master = 1;
- ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- get_as_key_keytab, (void *) keytab,
- &use_master, NULL);
+ ret2 = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, options,
+ get_as_key_keytab, (void *) keytab,
+ &use_master, NULL);
if (ret2 == 0) {
ret = 0;
do any prompting or changing for keytabs, that's it. */
cleanup:
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
if (arg_keytab == NULL)
krb5_kt_close(context, keytab);
krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
- krb5_gic_opt_ext *opte;
+ krb5_get_init_creds_opt *opts;
char * server = NULL;
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
int use_master = 0;
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ get_as_key_keytab, (void *)keytab,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
if (retval) {
goto cleanup;
}
char banner[1024], pw0array[1024], pw1array[1024];
krb5_prompt prompt[2];
krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- krb5_gic_opt_ext *opte = NULL;
- krb5_gic_opt_ext *chpw_opte = NULL;
use_master = 0;
as_reply = NULL;
pw1.data[0] = '\0';
pw1.length = sizeof(pw1array);
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_password");
- if (ret)
- goto cleanup;
-
/* first try: get the requested tkt from any kdc */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
/* check for success */
krb5_free_kdc_rep( context, as_reply);
as_reply = NULL;
}
- ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret2 = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
if (ret2 == 0) {
ret = 0;
krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
- ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
- "krb5_get_init_creds_password (changing password)");
- if (ret)
- goto cleanup;
- if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", chpw_opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, NULL)))
+ if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
+ prompter, data,
+ start_time, "kadmin/changepw", chpw_opts,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, NULL)))
goto cleanup;
prompt[0].prompt = "Enter new password";
from the master. this is the last try. the return from this
is final. */
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, options,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
cleanup:
krb5int_set_prompt_types(context, 0);
if (chpw_opts)
krb5_get_init_creds_opt_free(context, chpw_opts);
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
memset(pw0array, 0, sizeof(pw0array));
memset(pw1array, 0, sizeof(pw1array));
krb5_free_cred_contents(context, &chpw_creds);
}
krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
krb5_flags options, krb5_address *const *addrs,
krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds)
krb5_get_init_creds_opt *opt;
krb5_error_code retval;
- *opte = NULL;
+ *out = NULL;
retval = krb5_get_init_creds_opt_alloc(context, &opt);
if (retval)
return(retval);
if (creds->times.starttime) starttime = creds->times.starttime;
krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
}
- return krb5int_gic_opt_to_opte(context, opt, opte, 0,
- "krb5int_populate_gic_opt");
+ *out = opt;
+ return 0;
cleanup:
krb5_get_init_creds_opt_free(context, opt);
return retval;
char * server;
krb5_principal server_princ, client_princ;
int use_master = 0;
- krb5_gic_opt_ext *opte = NULL;
+ krb5_get_init_creds_opt *opts = NULL;
pw0.data = pw0array;
if (password && password[0]) {
pw0.data[0] = '\0';
pw0.length = sizeof(pw0array);
}
- retval = krb5int_populate_gic_opt(context, &opte,
+ retval = krb5int_populate_gic_opt(context, &opts,
options, addrs, ktypes,
pre_auth_types, creds);
if (retval)
return (retval);
retval = krb5_unparse_name( context, creds->server, &server);
if (retval) {
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
return (retval);
}
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_password, &pw0,
- &use_master, ret_as_reply);
+ retval = krb5int_get_init_creds(context, creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opts,
+ krb5_get_as_key_password, &pw0,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ krb5_get_init_creds_opt_free(context, opts);
if (retval) {
return (retval);
}
krb5_creds creds;
int use_master = 0;
krb5_get_init_creds_opt *opts = NULL;
- krb5_gic_opt_ext *opte = NULL;
krb5_principal_data client_data;
krb5_principal client;
krb5_s4u_userid userid;
krb5_get_init_creds_opt_set_proxiable(opts, 0);
krb5_get_init_creds_opt_set_canonicalize(opts, 1);
krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
- code = krb5int_gic_opt_to_opte(context, opts, &opte,
- 0, "s4u_identify_user");
- if (code != 0)
- goto cleanup;
if (in_creds->client != NULL)
client = in_creds->client;
client = &client_data;
}
- code = krb5_get_init_creds(context, &creds, client,
- NULL, NULL, 0, NULL, opte,
- krb5_get_as_key_noop, &userid,
- &use_master, NULL);
+ code = krb5int_get_init_creds(context, &creds, client,
+ NULL, NULL, 0, NULL, opts,
+ krb5_get_as_key_noop, &userid,
+ &use_master, NULL);
if (code == 0 ||
code == KDC_ERR_PREAUTH_REQUIRED ||
code == KDC_ERR_PREAUTH_FAILED) {
krb5_get_in_tkt_with_keytab
krb5_get_in_tkt_with_password
krb5_get_in_tkt_with_skey
-krb5_get_init_creds
krb5_get_init_creds_keytab
krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free