svn rev #22261: branches/krb5-1-7/src/clients/kinit/

tlyu@MIT.EDU tlyu at MIT.EDU
Wed Apr 15 17:00:31 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22261
Commit By: tlyu
Log Message:
ticket: 6460
version_fixed: 1.7

pull up r22209 from trunk

 ------------------------------------------------------------------------
 r22209 | hartmans | 2009-04-14 11:05:21 -0400 (Tue, 14 Apr 2009) | 6 lines
 Changed paths:
    M /trunk/src/clients/kinit/kinit.M
    M /trunk/src/clients/kinit/kinit.c

 ticket: 6460
 subject: Implement kinit option for FAST armor ccache
 Target_version: 1.7
 tags: pullup

 Implement the -T option to kinit to specify the FAST armor ccache.


Changed Files:
U   branches/krb5-1-7/src/clients/kinit/kinit.M
U   branches/krb5-1-7/src/clients/kinit/kinit.c
Modified: branches/krb5-1-7/src/clients/kinit/kinit.M
===================================================================
--- branches/krb5-1-7/src/clients/kinit/kinit.M	2009-04-15 21:00:28 UTC (rev 22260)
+++ branches/krb5-1-7/src/clients/kinit/kinit.M	2009-04-15 21:00:31 UTC (rev 22261)
@@ -37,7 +37,7 @@
 [\fB\-A\fP]
 [\fB\-v\fP] [\fB\-R\fP]
 [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] [\fB\-c\fP \fIcache_name\fP]
-[\fB\-S\fP \fIservice_name\fP]
+[\fB\-S\fP \fIservice_name\fP][\fB\-T\fP \fIarmor_ccache\fP] 
 [\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]]
 [\fIprincipal\fP]
 .ad b
@@ -130,6 +130,10 @@
 .I keytab_file
 option; otherwise the default name and location will be used.
 .TP
+\fB\-T\fP \fIarmor_ccache\fP
+Specifies the name of a credential cache that already contains a ticket.  This ccache
+will be used to armor the request  Ideally, an attacker should have to attack both the armor ticket and the key of the principal.
+.TP
 \fB\-c\fP \fIcache_name\fP
 use
 .I cache_name

Modified: branches/krb5-1-7/src/clients/kinit/kinit.c
===================================================================
--- branches/krb5-1-7/src/clients/kinit/kinit.c	2009-04-15 21:00:28 UTC (rev 22260)
+++ branches/krb5-1-7/src/clients/kinit/kinit.c	2009-04-15 21:00:31 UTC (rev 22261)
@@ -117,6 +117,7 @@
     char* service_name;
     char* keytab_name;
     char* k5_cache_name;
+    char *armor_ccache;
 
     action_type action;
 
@@ -195,9 +196,10 @@
 	    USAGE_BREAK
 	    "[-v] [-R] "
 	    "[-k [-t keytab_file]] "
-	    "[-c cachename] "
+	    "[-c cachename] " 
 	    USAGE_BREAK
-	    "[-S service_name]"
+	    "[-S service_name]""-T ticket_armor_cache"
+	    USAGE_BREAK
 	    "[-X <attribute>[=<value>]] [principal]"
 	    "\n\n", 
 	    progname);
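Review bot: The usage text added for -T is malformed: `"[-S service_name]""-T ticket_armor_cache"` concatenates to `[-S service_name]-T ticket_armor_cache`, with no separating space and no brackets to mark the option as optional. Writing it as `"[-S service_name] [-T armor_ccache] "` would match the neighbouring entries and the argument name used in kinit.M. The changed `"[-c cachename] "` line only gains trailing whitespace and could be left as it was. The usage function begins and ends outside this hunk.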
@@ -278,7 +280,7 @@
     int errflg = 0;
     int i;
 
-    while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:CE"))
+    while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:T:RS:vX:CE"))
 	   != -1) {
 	switch (i) {
 	case 'V':
@@ -347,6 +349,12 @@
 		opts->keytab_name = optarg;
 	    }
 	    break;
+	case 'T':
+	    if (opts->armor_ccache) {
+		fprintf(stderr, "Only one armor_ccache\n");
+		errflg++;
+	    } else opts->armor_ccache = optarg;
+	    break;
 	case 'R':
 	    opts->action = RENEW;
 	    break;
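Review bot: The new `case 'T':` puts the assignment on the same line as an unbraced `else` (`} else opts->armor_ccache = optarg;`), while the case just above it closes a braced block; using `} else {` with the assignment on its own line would keep the switch uniform. The duplicate-option message `"Only one armor_ccache\n"` does not name the flag the user typed, so something like `"Only one -T option allowed\n"` would be easier to act on. The duplicate check also relies on `opts->armor_ccache` starting out NULL, which presumably comes from zero-initialising the options struct outside this hunk.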
@@ -585,6 +593,9 @@
     }
     if (opts->no_addresses)
 	krb5_get_init_creds_opt_set_address_list(options, NULL);
+    if (opts->armor_ccache)
+    krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);
+						 
 
     if ((opts->action == INIT_KT) && opts->keytab_name)
     {
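Review bot: The return value of `krb5_get_init_creds_opt_set_fast_ccache_name()` is discarded, so if the call fails kinit would apparently continue and send the request without FAST armor even though the user asked for it with -T. Because the armor is there to protect the initial exchange, a failure here should abort rather than silently fall back to an unarmored request, for example `code = krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache); if (code) goto cleanup;`, using whatever error variable and cleanup path the enclosing function already has (neither is visible in this hunk). The call is also not indented under its `if`, and the added line after it contains only whitespace.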



