From 9104e5399c14db913c71e76b90d09b8cf9c0ea90 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Wed, 30 Sep 1992 14:09:54 +0000 Subject: [PATCH] Change to use default principal from the cache if it exists. Change to use preauthentication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2453 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/kinit/kinit.c | 78 ++++++++++++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 17 deletions(-) diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 94de269bd..bb0c799b2 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -31,14 +31,14 @@ static char rcsid_kinit_c [] = #endif /* !lint & !SABER */ #include +#include +#include #include #include /* for TGTNAME */ #include #include -#include - #define KRB5_DEFAULT_OPTIONS 0 #define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */ @@ -79,6 +79,9 @@ main(argc, argv) krb5_principal server; krb5_creds my_creds; krb5_timestamp now; + struct passwd *pw = 0; + int pwsize; + char password[255], *client_name, prompt[255]; krb5_init_ets(); @@ -104,7 +107,7 @@ main(argc, argv) case 'l': code = krb5_parse_lifetime(optarg, &lifetime); if (code != 0 || lifetime == 0) { - fprintf(stderr, "Bad lifetime value (%s hours?\n", optarg); + fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg); errflg++; } break; @@ -128,21 +131,46 @@ main(argc, argv) break; } } - if (optind != argc-1) - errflg++; - + if (errflg) { - fprintf(stderr, "Usage: %s [ -r time ] [ -puf ] [ -l lifetime ] [ -c cachename ] principal\n", argv[0]); + fprintf(stderr, "Usage: %s [ -r time ] [ -puf ] [ -l lifetime ] [ -c cachename ] [principal]\n", argv[0]); exit(2); } + if (ccache == NULL) { if (code = krb5_cc_default(&ccache)) { com_err(argv[0], code, "while getting default ccache"); exit(1); } } - if (code = krb5_parse_name (argv[optind], &me)) { - com_err (argv[0], code, "when parsing name %s",argv[optind]); + + if (optind != argc-1) { /* No principal name specified */ + /* Get default principal from cache if one exists */ + code = krb5_cc_get_principal(ccache, &me); + /* Else search passwd file for client */ + if (code) { + pw = getpwuid((int) getuid()); + if (pw) { + if (code = krb5_parse_name (pw->pw_name, &me)) { + com_err (argv[0], code, "when parsing name %s", pw->pw_name); + exit(1); + } + } + else { + fprintf(stderr, + "Unable to identify user from password file\n"); + exit(1); + } + } + } + else /* Use specified name */ + if (code = krb5_parse_name (argv[optind], &me)) { + com_err (argv[0], code, "when parsing name %s",argv[optind]); + exit(1); + } + + if (code = krb5_unparse_name(me, &client_name)) { + com_err (argv[0], code, "when unparsing name"); exit(1); } @@ -187,19 +215,35 @@ main(argc, argv) } else my_creds.times.renew_till = 0; + (void) sprintf(prompt,"Password for %s: ", (char *) client_name); + + pwsize = sizeof(password); + + code = krb5_read_password(prompt, 0, password, &pwsize); + if (code || pwsize == 0) { + fprintf(stderr, "Error while reading password for '%s'\n", + client_name); + memset(password, 0, sizeof(password)); + krb5_free_addresses(my_addresses); + exit(1); + } + code = krb5_get_in_tkt_with_password(options, my_addresses, + KRB5_PADATA_ENC_TIMESTAMP, ETYPE_DES_CBC_CRC, KEYTYPE_DES, - 0, /* let lib read pwd from kbd */ + password, ccache, - &my_creds); + &my_creds, 0); + memset(password, 0, sizeof(password)); krb5_free_principal(server); - if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - fprintf (stderr, "%s: Password incorrect\n", argv[0]); - exit(1); - } - if (code != 0) { - com_err (argv[0], code, "while getting initial credentials"); + krb5_free_addresses(my_addresses); + + if (code) { + if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) + fprintf (stderr, "%s: Password incorrect\n", argv[0]); + else + com_err (argv[0], code, "while getting initial credentials"); exit(1); } exit(0); -- 2.26.2