author | Andrew Bartlett <abartlet@samba.org> | 2010-01-12 18:16:45 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-03-27 11:51:27 +1100 |
commit | 89eaef025376339ef25d07cdc4748920fceaa968 (patch) | |
tree | f514f4632c9d54a372a7f1f0ca845a0c3a488fbf /source4/heimdal/kuser | |
parent | fac8ca52ade6e490eea3cf3d0fc98287da321c13 (diff) | |
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
Diffstat (limited to 'source4/heimdal/kuser')
-rw-r--r-- | source4/heimdal/kuser/kinit.c | 56 |
1 files changed, 52 insertions, 4 deletions
diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 809d399336..4e9e6ac3d7 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,6 +35,10 @@ #include "kuser_locl.h" +#ifdef __APPLE__ +#include <Security/Security.h> +#endif + #ifndef HEIMDAL_SMALLER #include "krb5-v4compat.h" #endif @@ -113,7 +119,7 @@ static struct getargs args[] = { { "cache", 'c', arg_string, &cred_cache, NP_("credentials cache", ""), "cachename" }, - { "forwardable", 'f', arg_flag, &forwardable_flag, + { "forwardable", 'f', arg_negative_flag, &forwardable_flag, NP_("get forwardable tickets", "")}, { "keytab", 't', arg_string, &keytab_str, @@ -422,7 +428,7 @@ get_new_tickets(krb5_context context, char passwd[256]; krb5_deltat start_time = 0; krb5_deltat renew = 0; - const char *renewstr = NULL; + char *renewstr = NULL; krb5_enctype *enctype = NULL; krb5_ccache tempccache; #ifndef NO_NTLM @@ -451,6 +457,33 @@ get_new_tickets(krb5_context context, passwd[strcspn(passwd, "\n")] = '\0'; } +#ifdef __APPLE__ + if (passwd[0] == '\0') { + const char *realm; + OSStatus osret; + UInt32 length; + void *buffer; + char *name; + + realm = krb5_principal_get_realm(context, principal); + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); + if (ret) + goto nopassword; + + osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm, + strlen(name), name, + &length, &buffer, NULL); + free(name); + if (osret == noErr && length < sizeof(passwd) - 1) { + memcpy(passwd, buffer, length); + passwd[length] = '\0'; + } + nopassword: + do { } while(0); + } +#endif memset(&cred, 0, sizeof(cred)); 
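Review bot: In the `args[]` hunk the `forwardable` / `-f` entry becomes `arg_negative_flag` while its help text still reads `get forwardable tickets`, so the documented meaning and the parsed meaning now disagree. With getarg's negative-flag handling, passing `-f` clears `forwardable_flag` rather than setting it, which presumably turns an explicit request for forwardable tickets into the opposite. The initializer of `forwardable_flag` is outside the hunk; if the default is now forwardable, every ticket obtained without the option is delegable, which widens exposure on hosts that accept forwarded credentials. Either keep `arg_flag` for `-f`, or change the help string to something like `NP_("do not get forwardable tickets", "")` and document the new default.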
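Review bot: In the `__APPLE__` block added to `get_new_tickets`, the `buffer` returned by `SecKeychainFindGenericPassword` is never released, so the keychain password stays in heap memory for the life of the process, both on the copied path and on the path where `length` is too large. Add `SecKeychainItemFreeContent(NULL, buffer);` whenever `osret == noErr`, after the `memcpy` and independently of the length check. A stored password of `sizeof(passwd) - 1` bytes or more is skipped silently, and a warning there would explain why the user is prompted anyway. Whether `passwd` itself is wiped after use is decided outside the hunk, as the function body continues beyond it.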
@@ -472,7 +505,7 @@ get_new_tickets(krb5_context context, pac_flag ? TRUE : FALSE); if (canonicalize_flag) krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE); - if (pk_enterprise_flag && windows_flag) + if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag) krb5_get_init_creds_opt_set_win2k(context, opt, TRUE); if (pk_user_id || ent_user_id || anonymous_flag) { ret = krb5_get_init_creds_opt_set_pkinit(context, opt, @@ -881,8 +914,23 @@ main (int argc, char **argv) #endif } else { ret = krb5_cc_cache_match(context, principal, &ccache); - if (ret) + if (ret) { + const char *type; ret = krb5_cc_default (context, &ccache); + if (ret) + krb5_err (context, 1, ret, N_("resolving credentials cache", "")); + + /* + * Check if the type support switching, and we do, + * then do that instead over overwriting the current + * default credential + */ + type = krb5_cc_get_type(context, ccache); + if (krb5_cc_support_switch(context, type)) { + krb5_cc_close(context, ccache); + ret = krb5_cc_new_unique(context, type, NULL, &ccache); + } + } } } if (ret) |
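Review bot: The comment added in `main` above the `krb5_cc_support_switch` call is hard to parse ("and we do, then do that instead over overwriting"); suggest `/* If the default cache's type supports switching, create a new unique cache of that type instead of overwriting the current default credential. */`. The `type` string is read from `ccache` and then passed to `krb5_cc_new_unique` after `krb5_cc_close(context, ccache)`, which relies on the string not being owned by the closed handle; a one-line comment stating that would stop a later refactor from introducing a use-after-free. The return value of `krb5_cc_close` is ignored, and the result of `krb5_cc_new_unique` is only checked by the `if (ret)` that follows in context, whose body lies outside the hunk.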