svn rev #23512: branches/anonymous/src/ kadmin/cli/ lib/kadm5/ lib/kadm5/clnt/ ...
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Dec 23 16:10:59 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23512
Commit By: hartmans
Log Message:
Add support for kadmin -n
Add support for the -n option to kadmin to support anonymous
* kadm5_init_anonymous: new API
* kadmin.c: use it
Changed Files:
U branches/anonymous/src/kadmin/cli/kadmin.c
U branches/anonymous/src/lib/kadm5/admin.h
U branches/anonymous/src/lib/kadm5/clnt/client_init.c
U branches/anonymous/src/lib/kadm5/clnt/libkadm5clnt.exports
U branches/anonymous/src/lib/kadm5/srv/libkadm5srv.exports
U branches/anonymous/src/lib/kadm5/srv/server_init.c
Modified: branches/anonymous/src/kadmin/cli/kadmin.c
===================================================================
--- branches/anonymous/src/kadmin/cli/kadmin.c 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/kadmin/cli/kadmin.c 2009-12-23 21:10:59 UTC (rev 23512)
@@ -119,7 +119,7 @@
{
fprintf(stderr,
"Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
- "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
+ "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]\n"
"\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
"where,\n\t[-x db_args]* - any number of database specific arguments.\n"
"\t\t\tLook at each database documentation for supported arguments\n",
@@ -238,7 +238,7 @@
char *princstr = NULL, *keytab_name = NULL, *query = NULL;
char *password = NULL;
char *luser, *canon, *cp;
- int optchar, freeprinc = 0, use_keytab = 0;
+ int optchar, freeprinc = 0, use_keytab = 0, use_anonymous = 0;
struct passwd *pw;
kadm5_ret_t retval;
krb5_ccache cc;
@@ -270,7 +270,7 @@
exit(1);
}
- while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
+ while ((optchar = getopt(argc, argv, "x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) {
switch (optchar) {
case 'x':
db_args_size++;
@@ -296,7 +296,10 @@
case 'k':
use_keytab++;
break;
- case 't':
+ case 'n':
+ use_anonymous++;
+ break;
+ case 't':
keytab_name = optarg;
break;
case 'w':
@@ -349,7 +352,9 @@
}
}
if ((ccache_name && use_keytab) ||
- (keytab_name && !use_keytab))
+ (keytab_name && !use_keytab)
+ || (ccache_name && use_anonymous)
+ || (use_anonymous &&use_keytab))
usage();
if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
@@ -487,6 +492,12 @@
retval = kadm5_init_with_creds(context, princstr, cc, svcname, ¶ms,
KADM5_STRUCT_VERSION,
KADM5_API_VERSION_3, db_args, &handle);
+ } else if ( use_anonymous) {
+ printf("Authenticating as principal %s with password; anonymous requested.\n",
+ princstr);
+ retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms,
+ KADM5_STRUCT_VERSION,
+ KADM5_API_VERSION_3, db_args, &handle);
} else if (use_keytab) {
if (keytab_name)
printf("Authenticating as principal %s with keytab %s.\n",
Modified: branches/anonymous/src/lib/kadm5/admin.h
===================================================================
--- branches/anonymous/src/lib/kadm5/admin.h 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/lib/kadm5/admin.h 2009-12-23 21:10:59 UTC (rev 23512)
@@ -338,6 +338,13 @@
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
char *client_name,
char *pass,
Modified: branches/anonymous/src/lib/kadm5/clnt/client_init.c
===================================================================
--- branches/anonymous/src/lib/kadm5/clnt/client_init.c 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/lib/kadm5/clnt/client_init.c 2009-12-23 21:10:59 UTC (rev 23512)
@@ -59,7 +59,7 @@
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
-enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
+enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS , INIT_ANONYMOUS};
static kadm5_ret_t _kadm5_init_any(krb5_context context,
char *client_name,
@@ -129,6 +129,19 @@
api_version, db_args, server_handle);
}
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
+{
+ return _kadm5_init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
+ service_name, params, struct_version,
+ api_version, db_args, server_handle);
+}
+
kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
char *service_name,
kadm5_config_params *params,
@@ -558,9 +571,11 @@
krb5_get_init_creds_opt_set_forwardable(opt, 0);
krb5_get_init_creds_opt_set_proxiable(opt, 0);
krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);
+ if (init_type == INIT_ANONYMOUS)
+ krb5_get_init_creds_opt_set_anonymous(opt, 1);
}
- if (init_type == INIT_PASS) {
+ if (init_type == INIT_PASS || init_type == INIT_ANONYMOUS) {
code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
krb5_prompter_posix,
NULL, 0,
Modified: branches/anonymous/src/lib/kadm5/clnt/libkadm5clnt.exports
===================================================================
--- branches/anonymous/src/lib/kadm5/clnt/libkadm5clnt.exports 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/lib/kadm5/clnt/libkadm5clnt.exports 2009-12-23 21:10:59 UTC (rev 23512)
@@ -24,6 +24,7 @@
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_anonymous
kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
Modified: branches/anonymous/src/lib/kadm5/srv/libkadm5srv.exports
===================================================================
--- branches/anonymous/src/lib/kadm5/srv/libkadm5srv.exports 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/lib/kadm5/srv/libkadm5srv.exports 2009-12-23 21:10:59 UTC (rev 23512)
@@ -40,6 +40,7 @@
kadm5_get_principals
kadm5_get_privs
kadm5_init
+kadm5_init_anonymous
kadm5_init_krb5_context
kadm5_init_with_creds
kadm5_init_with_password
Modified: branches/anonymous/src/lib/kadm5/srv/server_init.c
===================================================================
--- branches/anonymous/src/lib/kadm5/srv/server_init.c 2009-12-23 21:10:55 UTC (rev 23511)
+++ branches/anonymous/src/lib/kadm5/srv/server_init.c 2009-12-23 21:10:59 UTC (rev 23512)
@@ -104,6 +104,19 @@
server_handle);
}
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
+{
+ return kadm5_init(context, client_name, NULL, service_name, params,
+ struct_version, api_version, db_args,
+ server_handle);
+}
+
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
char *client_name,
krb5_ccache ccache,
More information about the cvs-krb5
mailing list