From: Ken Raeburn
Date: Sat, 4 May 1996 00:42:57 +0000 (+0000)
Subject: * kinit.c (krb5_validate_tgt): new function, takes a credential cache with an
X-Git-Tag: krb5-1.0-beta6~148
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=41ff69a113dfbc64a94217f84262289b3211ccfc;p=krb5.git
* kinit.c (krb5_validate_tgt): new function, takes a credential cache with an tgt with the "invalid flag" set, and asks the kdc to validate it. Wipes cache and stores only the newly validated credential. (After all, there won't be any others, because the invalid krbtgt couldn't have gotten them.) Most of the code is taken from krb5_mk_req, since it did the right thing. (main): add -v option, validates the ticket already in the selected cache.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7894 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog
index b4e064f3d..85330fb88 100644
--- a/src/clients/kinit/ChangeLog
+++ b/src/clients/kinit/ChangeLog
@@ -1,3 +1,14 @@
+Fri May 3 00:28:10 1996 Mark Eichin
+
+ * kinit.c (krb5_validate_tgt): new function, takes a credential
+ cache with an tgt with the "invalid flag" set, and asks the kdc to
+ validate it. Wipes cache and stores only the newly validated
+ credential. (After all, there won't be any others, because the
+ invalid krbtgt couldn't have gotten them.) Most of the code is
+ taken from krb5_mk_req, since it did the right thing.
+ (main): add -v option, validates the ticket already in the
+ selected cache.
+
 Wed May 1 02:37:17 1996 Mark Eichin
 * kinit.c (main): add -s starttime option. Have it accept a delta
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index 6c24adfd1..bb2109e0b 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -90,7 +90,7 @@ main(argc, argv)
 if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1;
- while ((option = getopt(argc, argv, "r:fpl:s:c:kt:")) != EOF) {
+ while ((option = getopt(argc, argv, "r:fpl:s:c:kt:v")) != EOF) {
 switch (option) {
 case 'r':
 options |= KDC_OPT_RENEWABLE;
@@ -100,6 +100,10 @@ main(argc, argv)
 errflg++;
 }
 break;
+ case 'v':
+ /* validate the ticket */
+ options |= KDC_OPT_VALIDATE;
+ break;
 case 'p':
 options |= KDC_OPT_PROXIABLE;
 break;
@@ -268,6 +272,18 @@ main(argc, argv)
 } else my_creds.times.renew_till = 0;
+ if (options & KDC_OPT_VALIDATE) {
+ /* don't use get_in_tkt, just use mk_req... */
+ krb5_data outbuf;
+
+ code = krb5_validate_tgt(kcontext, ccache, server, &outbuf);
+ if (code) {
+ com_err (argv[0], code, "validating tgt");
+ exit(1);
+ }
+ /* should be done... */
+ exit(0);
+ }
 #ifndef NO_KEYTAB
 if (!use_keytab)
 #endif
@@ -324,3 +340,39 @@ main(argc, argv)
 exit(0);
 }
+
+/* stripped down version of krb5_mk_req */
+krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf)
+ krb5_context context;
+ krb5_ccache ccache;
+ krb5_principal server; /* tgtname */
+ krb5_data *outbuf;
+{
+ krb5_auth_context * auth_context = 0;
+ const krb5_flags ap_req_options;
+ krb5_data * in_data;
+
+ krb5_error_code retval;
+ krb5_creds * credsp;
+ krb5_creds creds;
+
+ /* obtain ticket & session key */
+ memset((char *)&creds, 0, sizeof(creds));
+ if ((retval = krb5_copy_principal(context, server, &creds.server)))
+ goto cleanup;
+
+ if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
+ goto cleanup_creds;
+
+ if ((retval = krb5_get_credentials_validate(context, 0,
+ ccache, &creds, &credsp)))
+ goto cleanup_creds;
+
+ /* we don't actually need to do the mk_req, just get the creds. */
+cleanup_creds:
+ krb5_free_cred_contents(context, &creds);
+
+cleanup:
+
+ return retval;
+}
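Review bot: The new `case 'v':` (hunk -100,6 +100,10, with the matching getopt string change in the hunk before it) accepts `-v` alongside every other flag. The validate branch added later in `main` exits before the initial-ticket request is made, so request-shaping options such as `-r`, `-f`, `-p` or `-k`/`-t` given with `-v` appear to be parsed and then silently dropped. Either reject the combination by setting `errflg` after the option loop, or say so in the comment, e.g. `/* validate the ticket already in the cache; options for a new request are not used on this path */`. No usage-message change is visible in these hunks, so confirm the help text mentions `-v`.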
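Review bot: The call `krb5_validate_tgt(kcontext, ccache, server, &outbuf)` in the new `KDC_OPT_VALIDATE` branch (hunk -268,6 +272,18) comes before any declaration of the function that is visible in these hunks, because the definition is added after `main`. Without one the compiler assumes an `int` return and checks no arguments, so add a declaration above `main` in the file's prototype style, e.g. `krb5_error_code krb5_validate_tgt();`. `outbuf` is passed uninitialized and the callee never reads or writes it, so the local and the fourth parameter can both be removed. The branch sits inside `main`, whose body starts and ends outside this hunk.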
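Review bot: In `krb5_validate_tgt` (hunk -324,3 +340,39) the credential returned through `credsp` by `krb5_get_credentials_validate` is never released, so the validated ticket and its session key stay allocated until the process exits. On the success path add `krb5_free_creds(context, credsp);` just before the `cleanup_creds:` label. The locals `auth_context`, `ap_req_options` (a `const` with no initializer) and `in_data`, and the `outbuf` parameter, are left over from `krb5_mk_req` and are never used, so they can be deleted. Nothing in the visible body wipes or rewrites the cache as the ChangeLog describes, so that presumably happens inside `krb5_get_credentials_validate`; a comment such as `/* krb5_get_credentials_validate is expected to reinitialize ccache with the validated TGT */` would let a reader confirm it. Since the function is local to kinit, consider making it `static` and dropping the library's `krb5_` prefix so it cannot collide with a libkrb5 symbol.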