+Sun Jul 7 15:21:58 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * kinit.M: Document -R option.
+
+ * kinit.c (krb5_tgt_gen): Code from krb5_validate_tgt() modified
+ to handle both renewal and validation of postdated tickets.
+ (krb5_renew_tgt): Takes a credential cache with a tgt with the
+ "renewable flag" set and asks ths kdc to renew it. Cache is wiped
+ and only new tgt is stored.
+ (main): New option -R to renew tickets.
+
Fri May 3 00:28:10 1996 Mark Eichin <eichin@cygnus.com>
* kinit.c (krb5_validate_tgt): new function, takes a credential
.B \-s
.I starttime
] [
+.B \-v
+] [
.B \-p
] [
.B \-f
.B \-r
.I rlife
] [
+.B \-R
+] [
.B \-c
.I cachename
]
option specifies the start time, and causes you to get a postdated ticket.
Postdated tickets are issued with the
.I invalid
-flag set, and needs to be fed back to the kdc before use.
+flag set, and needs to be fed back to the kdc before use. This may be
+accomplished by using the
+.B \-v
+option.
+.PP
The
.B \-p
option specifies that the PROXIABLE option should be requested for the
.B \-r
.I rlife
option specifies that the RENEWABLE option should be requested for the
-ticket, and specifies the desired total lifetime of the ticket.
+ticket, and specifies the desired total lifetime of the ticket. To renew
+the ticket, the
+.B \-R
+option is used. Note that you must renew the ticket before it has
+expired.
.PP
The
.B \-c
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
- while ((option = getopt(argc, argv, "r:fpl:s:c:kt:v")) != EOF) {
+ while ((option = getopt(argc, argv, "r:Rfpl:s:c:kt:v")) != EOF) {
switch (option) {
case 'r':
options |= KDC_OPT_RENEWABLE;
errflg++;
}
break;
+ case 'R':
+ /* renew the ticket */
+ options |= KDC_OPT_RENEW;
+ break;
case 'v':
/* validate the ticket */
options |= KDC_OPT_VALIDATE;
}
if (errflg) {
- fprintf(stderr, "Usage: %s [-r time] [-puf] [-l lifetime] [-c cachename] [-k] [-t keytab] [principal]\n", argv[0]);
+ fprintf(stderr, "Usage: %s [-r time] [-R] [-s time] [-v] [-puf] [-l lifetime] [-c cachename] [-k] [-t keytab] [principal]\n", argv[0]);
exit(2);
}
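Review bot: The usage string on the new line still advertises `-u` inside `[-puf]`, but the option string passed to getopt in this commit, `"r:Rfpl:s:c:kt:v"`, contains no `u`, so a user following the message would hit the error path. Either drop it from the message (`[-pf]`) or add the option to the getopt string. The enclosing function starts and ends outside this hunk.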
/* should be done... */
exit(0);
}
+
+ if (options & KDC_OPT_RENEW) {
+ /* don't use get_in_tkt, just use mk_req... */
+ krb5_data outbuf;
+
+ code = krb5_renew_tgt(kcontext, ccache, server, &outbuf);
+ if (code) {
+ com_err (argv[0], code, "renewing tgt");
+ exit(1);
+ }
+ /* should be done... */
+ exit(0);
+ }
#ifndef NO_KEYTAB
if (!use_keytab)
#endif
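Review bot: Combining `-R` with `-v` silently performs only one of them, because both just set bits in `options` and the block directly above `if (options & KDC_OPT_RENEW)` ends in `exit(0)`. That block appears to be the validation branch, so the renew branch would never be reached. Rejecting the combination once option parsing finishes, e.g. `if ((options & KDC_OPT_RENEW) && (options & KDC_OPT_VALIDATE)) errflg++;`, makes the behaviour explicit instead of order-dependent. Separately, `outbuf` is passed by address uninitialized and is never read or released in this block. If krb5_renew_tgt never fills it, as the later comment "we don't actually need to do the mk_req" suggests, zero-initialize it or drop the parameter so a later change cannot use or free an indeterminate `krb5_data`.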
exit(0);
}
+#define VALIDATE 0
+#define RENEW 1
+
/* stripped down version of krb5_mk_req */
krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf)
krb5_context context;
krb5_ccache ccache;
krb5_principal server; /* tgtname */
krb5_data *outbuf;
+{
+ return krb5_tgt_gen(context, ccache, server, outbuf, VALIDATE);
+}
+
+/* stripped down version of krb5_mk_req */
+krb5_error_code krb5_renew_tgt(context, ccache, server, outbuf)
+ krb5_context context;
+ krb5_ccache ccache;
+ krb5_principal server; /* tgtname */
+ krb5_data *outbuf;
+{
+ return krb5_tgt_gen(context, ccache, server, outbuf, RENEW);
+}
+
+
+/* stripped down version of krb5_mk_req */
+krb5_error_code krb5_tgt_gen(context, ccache, server, outbuf, opt)
+ krb5_context context;
+ krb5_ccache ccache;
+ krb5_principal server; /* tgtname */
+ krb5_data *outbuf;
+ int opt;
{
krb5_auth_context * auth_context = 0;
const krb5_flags ap_req_options;
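Review bot: `krb5_validate_tgt` and `krb5_renew_tgt` call `krb5_tgt_gen` before its definition, and no declaration of it is visible in this hunk. Unless one exists elsewhere in the file, the calls get an implicit `int` declaration that conflicts with the later definition wherever `krb5_error_code` is not `int`; a forward declaration such as `krb5_error_code krb5_tgt_gen();` above the two wrappers would avoid that. Both wrappers also carry the copied comment `/* stripped down version of krb5_mk_req */`, which now describes only `krb5_tgt_gen`; something like `/* validate a postdated tgt; see krb5_tgt_gen */` and `/* renew a renewable tgt; see krb5_tgt_gen */` would be accurate. In the later hunk that tests `opt == VALIDATE`, every other value falls through to the renew call, so an explicit `else if (opt == RENEW)` with an error return for anything else would keep a bad caller from triggering a renewal. The body of `krb5_tgt_gen` continues outside this hunk.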
if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
goto cleanup_creds;
- if ((retval = krb5_get_credentials_validate(context, 0,
- ccache, &creds, &credsp)))
- goto cleanup_creds;
+ if(opt == VALIDATE) {
+ if ((retval = krb5_get_credentials_validate(context, 0,
+ ccache, &creds, &credsp)))
+ goto cleanup_creds;
+ } else {
+ if ((retval = krb5_get_credentials_renew(context, 0,
+ ccache, &creds, &credsp)))
+ goto cleanup_creds;
+ }
/* we don't actually need to do the mk_req, just get the creds. */
cleanup_creds: