summaryrefslogtreecommitdiff
path: root/source4/heimdal/kuser
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-01-12 18:16:45 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-03-27 11:51:27 +1100
commit89eaef025376339ef25d07cdc4748920fceaa968 (patch)
treef514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/kuser
parentfac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff)
downloadsamba-89eaef025376339ef25d07cdc4748920fceaa968.tar.gz
samba-89eaef025376339ef25d07cdc4748920fceaa968.tar.bz2
samba-89eaef025376339ef25d07cdc4748920fceaa968.zip
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
Diffstat (limited to 'source4/heimdal/kuser')
-rw-r--r--source4/heimdal/kuser/kinit.c56
1 files changed, 52 insertions, 4 deletions
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c
index 809d399336..4e9e6ac3d7 100644
--- a/source4/heimdal/kuser/kinit.c
+++ b/source4/heimdal/kuser/kinit.c
@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -33,6 +35,10 @@
#include "kuser_locl.h"
+#ifdef __APPLE__
+#include <Security/Security.h>
+#endif
+
#ifndef HEIMDAL_SMALLER
#include "krb5-v4compat.h"
#endif
@@ -113,7 +119,7 @@ static struct getargs args[] = {
{ "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" },
- { "forwardable", 'f', arg_flag, &forwardable_flag,
+ { "forwardable", 'f', arg_negative_flag, &forwardable_flag,
NP_("get forwardable tickets", "")},
{ "keytab", 't', arg_string, &keytab_str,
@@ -422,7 +428,7 @@ get_new_tickets(krb5_context context,
char passwd[256];
krb5_deltat start_time = 0;
krb5_deltat renew = 0;
- const char *renewstr = NULL;
+ char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
#ifndef NO_NTLM
@@ -451,6 +457,33 @@ get_new_tickets(krb5_context context,
passwd[strcspn(passwd, "\n")] = '\0';
}
+#ifdef __APPLE__
+ if (passwd[0] == '\0') {
+ const char *realm;
+ OSStatus osret;
+ UInt32 length;
+ void *buffer;
+ char *name;
+
+ realm = krb5_principal_get_realm(context, principal);
+
+ ret = krb5_unparse_name_flags(context, principal,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
+ if (ret)
+ goto nopassword;
+
+ osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm,
+ strlen(name), name,
+ &length, &buffer, NULL);
+ free(name);
+ if (osret == noErr && length < sizeof(passwd) - 1) {
+ memcpy(passwd, buffer, length);
+ passwd[length] = '\0';
+ }
+ nopassword:
+ do { } while(0);
+ }
+#endif
memset(&cred, 0, sizeof(cred));
@@ -472,7 +505,7 @@ get_new_tickets(krb5_context context,
pac_flag ? TRUE : FALSE);
if (canonicalize_flag)
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
- if (pk_enterprise_flag && windows_flag)
+ if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag)
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
@@ -881,8 +914,23 @@ main (int argc, char **argv)
#endif
} else {
ret = krb5_cc_cache_match(context, principal, &ccache);
- if (ret)
+ if (ret) {
+ const char *type;
ret = krb5_cc_default (context, &ccache);
+ if (ret)
+ krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
+
+ /*
+ * Check if the type support switching, and we do,
+ * then do that instead over overwriting the current
+ * default credential
+ */
+ type = krb5_cc_get_type(context, ccache);
+ if (krb5_cc_support_switch(context, type)) {
+ krb5_cc_close(context, ccache);
+ ret = krb5_cc_new_unique(context, type, NULL, &ccache);
+ }
+ }
}
}
if (ret)