krb5 commit: Add kinit PAC request options
Greg Hudson
ghudson at mit.edu
Wed Apr 27 17:02:13 EDT 2016
https://github.com/krb5/krb5/commit/c5c8e57b77d440dbce565579e10e279acfde4674
commit c5c8e57b77d440dbce565579e10e279acfde4674
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 17 18:54:19 2015 +0100
Add kinit PAC request options
Add --request-pac and --no-request-pac options to kinit, to explicitly
request inclusion or exclusion of PAC authorization data.
ticket: 7985
src/clients/kinit/kinit.c | 43 +++++++++++++++++++++++++++++++------------
1 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index c039241..f24c319 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -88,11 +88,13 @@ struct k_opts
int forwardable;
int proxiable;
+ int request_pac;
int anonymous;
int addresses;
int not_forwardable;
int not_proxiable;
+ int not_request_pac;
int no_addresses;
int verbose;
@@ -128,18 +130,6 @@ struct k5_data
stored in *(struct[2]), the array index which was specified is
stored in *index, and long_getopt() returns 0. */
-struct option long_options[] = {
- { "noforwardable", 0, NULL, 'F' },
- { "noproxiable", 0, NULL, 'P' },
- { "addresses", 0, NULL, 'a'},
- { "forwardable", 0, NULL, 'f' },
- { "proxiable", 0, NULL, 'p' },
- { "noaddresses", 0, NULL, 'A' },
- { "canonicalize", 0, NULL, 'C' },
- { "enterprise", 0, NULL, 'E' },
- { NULL, 0, NULL, 0 }
-};
-
const char *shopts = "r:fpFPn54aAVl:s:c:kit:T:RS:vX:CEI:";
static void
@@ -152,6 +142,7 @@ usage()
#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses"
#define USAGE_LONG_CANONICALIZE " | --canonicalize"
#define USAGE_LONG_ENTERPRISE " | --enterprise"
+#define USAGE_LONG_REQUESTPAC "--request-pac | --no-request-pac"
#define USAGE_BREAK_LONG USAGE_BREAK
fprintf(stderr, "Usage: %s [-V] "
@@ -165,6 +156,8 @@ usage()
"-n "
"[-a | -A" USAGE_LONG_ADDRESSES "] "
USAGE_BREAK_LONG
+ "[" USAGE_LONG_REQUESTPAC "] "
+ USAGE_BREAK_LONG
"[-C" USAGE_LONG_CANONICALIZE "] "
USAGE_BREAK
"[-E" USAGE_LONG_ENTERPRISE "] "
@@ -254,6 +247,19 @@ parse_options(argc, argv, opts)
char **argv;
struct k_opts* opts;
{
+ struct option long_options[] = {
+ { "noforwardable", 0, NULL, 'F' },
+ { "noproxiable", 0, NULL, 'P' },
+ { "addresses", 0, NULL, 'a'},
+ { "forwardable", 0, NULL, 'f' },
+ { "proxiable", 0, NULL, 'p' },
+ { "noaddresses", 0, NULL, 'A' },
+ { "canonicalize", 0, NULL, 'C' },
+ { "enterprise", 0, NULL, 'E' },
+ { "request-pac", 0, &opts->request_pac, 1 },
+ { "no-request-pac", 0, &opts->not_request_pac, 1 },
+ { NULL, 0, NULL, 0 }
+ };
krb5_error_code code;
int errflg = 0;
int i;
@@ -383,6 +389,9 @@ parse_options(argc, argv, opts)
break;
case '5':
break;
+ case 0:
+ /* If this option set a flag, do nothing else now. */
+ break;
default:
errflg++;
break;
@@ -399,6 +408,12 @@ parse_options(argc, argv, opts)
fprintf(stderr, _("Only one of -p and -P allowed\n"));
errflg++;
}
+ if (opts->request_pac && opts->not_request_pac)
+ {
+ fprintf(stderr, _("Only one of --request-pac and --no-request-pac "
+ "allowed\n"));
+ errflg++;
+ }
if (opts->addresses && opts->no_addresses)
{
fprintf(stderr, _("Only one of -a and -A allowed\n"));
@@ -727,6 +742,10 @@ k5_kinit(opts, k5)
krb5_get_init_creds_opt_set_address_list(options, NULL);
if (opts->armor_ccache)
krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);
+ if (opts->request_pac)
+ krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, TRUE);
+ if (opts->not_request_pac)
+ krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, FALSE);
if ((opts->action == INIT_KT) && opts->keytab_name)
More information about the cvs-krb5
mailing list