
kinit 524 conversion only



Earlier Chris Chiappa provided a patch which makes kinit -4 -R work; For
simplicity this patch includes that one, and also adds --524convert

--524convert basically takes an existing v5 ticket and converts it: don't
prompt me for a password, don't renew, and don't validate. That's
exactly how it's implemented.

The lack of k524init got annoying because I kept trying to use it and
losing.

-D

--- /usr/tmp/heimdal/sandbox/heimdal/kuser/kinit.c	Sat Mar 17 03:01:37 2001
+++ /usr/tmp/kinit.c	Sat Mar 24 14:20:42 2001
@@ -164,6 +164,7 @@
 int renewable_flag	= -1;
 int renew_flag		= 0;
 int validate_flag	= 0;
+int convert_flag	= 0;
 int version_flag	= 0;
 int help_flag		= 0;
 int addrs_flag		= 1;
@@ -189,6 +190,9 @@
     
     { "afslog", 	0  , arg_flag, &do_afslog,
       "obtain afs tokens"  },
+
+    { "524convert", 	0  , arg_flag, &convert_flag,
+      "convert existing TGT to version 4" },
 #endif
     { "cache", 		'c', arg_string, &cred_cache,
       "credentials cache", "cachename" },
@@ -252,18 +256,47 @@
     exit (ret);
 }
 
+static void
+convert_524(krb5_context context,
+            krb5_ccache cache,
+            krb5_creds *creds)
+{
+    CREDENTIALS c;
+    int tret, cret;
+
+    if(!get_v4_tgt)
+        return;
+
+    cret = krb524_convert_creds_kdc(context, cache, creds, &c);
+    if(cret)
+        krb5_warn(context, cret, "converting creds");
+    else
+    {
+        tret = tf_setup(&c, c.pname, c.pinst);
+        if(tret)
+            warnx("saving v4 creds: %s", krb_get_err_text(tret));
+    }
+    memset(&c, 0, sizeof(c));
+    
+    return;
+}
+
 static int
-renew_validate(krb5_context context, 
-	       int renew,
-	       int validate,
-	       krb5_ccache cache, 
-	       const char *server,
-	       krb5_deltat life)
+renew_validate_convert(krb5_context context, 
+		       int renew,
+		       int validate,
+		       int convert,
+		       krb5_ccache cache, 
+		       const char *server,
+		       krb5_deltat life)
 {
     krb5_error_code ret;
     krb5_creds in, *out;
     krb5_kdc_flags flags;
 
+    if (convert)
+	get_v4_tgt=1;
+
     memset(&in, 0, sizeof(in));
 
     ret = krb5_cc_get_principal(context, cache, &in.client);
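Review bot: The `memset(&c, 0, sizeof(c));` at the end of convert_524 is the only scrub of the converted v4 credentials, and because `c` is never read afterwards a compiler is allowed to drop it as a dead store. Where the platform provides it, `explicit_bzero(&c, sizeof(c));` or an equivalent wipe through a volatile pointer keeps the scrub in place; the same pattern appears in the context lines of the last hunk. Separately, convert_524 and the `get_v4_tgt=1;` assignment appear to sit outside `#ifdef KRB4`, while the call site in the later hunk is guarded. If `CREDENTIALS`, `tf_setup` and `get_v4_tgt` are only declared under KRB4, a build without it would fail, so wrap both in `#ifdef KRB4` / `#endif`. The body of renew_validate_convert continues outside this hunk.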
@@ -298,7 +331,7 @@
 	flags.b.request_anonymous = anonymous_flag;
     if(life)
 	in.times.endtime = time(NULL) + life;
-
+	
     ret = krb5_get_kdc_cred(context,
 			    cache,
 			    flags,
@@ -317,6 +350,14 @@
 	goto out;
     }
     ret = krb5_cc_store_cred(context, cache, out);
+#ifdef KRB4
+    if(!ret) {
+        convert_524(context, cache, out);
+
+        if(do_afslog && k_hasafs())
+            krb5_afslog(context, cache, NULL, NULL);
+    }
+#endif
     krb5_free_creds (context, out);
     if(ret) {
 	krb5_warn(context, ret, "krb5_cc_store_cred");
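Review bot: A failed conversion never reaches the exit status here. convert_524 returns void and only warns, so after a successful krb5_cc_store_cred `ret` stays 0 and the caller's `exit(ret != 0)` reports success even when `--524convert` produced no v4 ticket. Anything that gates on kinit's exit code would then continue without the credentials it asked for. Consider having convert_524 return an int and recording the failure when `convert` is set, for example `if(convert_524(context, cache, out) && convert) conv_failed = 1;` with a new local that is folded into the return value. The end of renew_validate_convert is outside this hunk, so where that fold belongs cannot be confirmed from here.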
@@ -409,9 +450,10 @@
 
 	ticket_life = tmp;
     }
-    if(renew_flag || validate_flag) {
-	ret = renew_validate(context, renew_flag, validate_flag, 
-			     ccache, server, ticket_life);
+    if(renew_flag || validate_flag || convert_flag) {
+	ret = renew_validate_convert(context, renew_flag, validate_flag, 
+				     convert_flag, ccache, server, 
+				     ticket_life);
 	exit(ret != 0);
     }
 
@@ -564,11 +606,15 @@
 #ifdef KRB4
     if(get_v4_tgt) {
 	CREDENTIALS c;
+	int tret;
 	ret = krb524_convert_creds_kdc(context, ccache, &cred, &c);
 	if(ret)
 	    krb5_warn(context, ret, "converting creds");
-	else
-	    tf_setup(&c, c.pname, c.pinst);
+	else {
+            tret = tf_setup(&c, c.pname, c.pinst);
+            if(tret)
+                warnx("saving v4 creds: %s", krb_get_err_text(tret));
+        }
 	memset(&c, 0, sizeof(c));
     }
     if(do_afslog && k_hasafs())
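Review bot: The added tf_setup error check makes this block a statement-for-statement copy of convert_524, including the `get_v4_tgt` test that the helper already performs itself. Replacing the whole `if(get_v4_tgt) { ... }` body with `convert_524(context, ccache, &cred);` would keep the error reporting and the credential wipe in one place. That is only safe if nothing later reads the `ret` set by krb524_convert_creds_kdc, which cannot be confirmed because the enclosing function starts and ends outside this hunk. The new lines are also indented with spaces where the surrounding code uses tabs.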