diff options
Diffstat (limited to 'src/clients/kinit/kinit.c')
-rw-r--r-- | src/clients/kinit/kinit.c | 490 |
1 files changed, 218 insertions, 272 deletions
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index f1cd1b73db60..a518284ea568 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -26,7 +26,7 @@ #include "autoconf.h" #include <k5-int.h> -#include "k5-platform.h" /* for asprintf and getopt */ +#include "k5-platform.h" /* For asprintf and getopt */ #include <krb5.h> #include "extern.h" #include <locale.h> @@ -37,40 +37,41 @@ #include <com_err.h> #ifndef _WIN32 -#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x)) +#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/') + 1 : (x)) #else #define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x)) #endif #ifdef HAVE_PWD_H #include <pwd.h> -static -char * get_name_from_os() +static char * +get_name_from_os() { struct passwd *pw; - if ((pw = getpwuid((int) getuid()))) - return pw->pw_name; - return 0; + + pw = getpwuid(getuid()); + return (pw != NULL) ? pw->pw_name : NULL; } #else /* HAVE_PWD_H */ #ifdef _WIN32 -static -char * get_name_from_os() +static char * +get_name_from_os() { static char name[1024]; DWORD name_size = sizeof(name); + if (GetUserName(name, &name_size)) { - name[sizeof(name)-1] = 0; /* Just to be extra safe */ + name[sizeof(name) - 1] = '\0'; /* Just to be extra safe */ return name; } else { - return 0; + return NULL; } } #else /* _WIN32 */ -static -char * get_name_from_os() +static char * +get_name_from_os() { - return 0; + return NULL; } #endif /* _WIN32 */ #endif /* HAVE_PWD_H */ @@ -81,7 +82,7 @@ typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type; struct k_opts { - /* in seconds */ + /* In seconds */ krb5_deltat starttime; krb5_deltat lifetime; krb5_deltat rlife; @@ -99,11 +100,11 @@ struct k_opts int verbose; - char* principal_name; - char* service_name; - char* keytab_name; - char* k5_in_cache_name; - char* k5_out_cache_name; + char *principal_name; + char *service_name; + char *keytab_name; + char *k5_in_cache_name; + char *k5_out_cache_name; char *armor_ccache; action_type action; @@ -121,46 +122,39 @@ struct k5_data krb5_context ctx; krb5_ccache in_cc, out_cc; krb5_principal me; - char* name; + char *name; krb5_boolean switch_to_cache; }; -/* if struct[2] == NULL, then long_getopt acts as if the short flag - struct[3] was specified. If struct[2] != NULL, then struct[3] is - stored in *(struct[2]), the array index which was specified is - stored in *index, and long_getopt() returns 0. */ - +/* + * If struct[2] == NULL, then long_getopt acts as if the short flag struct[3] + * were specified. If struct[2] != NULL, then struct[3] is stored in + * *(struct[2]), the array index which was specified is stored in *index, and + * long_getopt() returns 0. + */ const char *shopts = "r:fpFPn54aAVl:s:c:kit:T:RS:vX:CEI:"; +#define USAGE_BREAK "\n\t" + static void usage() { -#define USAGE_BREAK "\n\t" - -#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable" -#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable" -#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" -#define USAGE_LONG_CANONICALIZE " | --canonicalize" -#define USAGE_LONG_ENTERPRISE " | --enterprise" -#define USAGE_LONG_REQUESTPAC "--request-pac | --no-request-pac" -#define USAGE_BREAK_LONG USAGE_BREAK - fprintf(stderr, "Usage: %s [-V] " "[-l lifetime] [-s start_time] " USAGE_BREAK "[-r renewable_life] " - "[-f | -F" USAGE_LONG_FORWARDABLE "] " - USAGE_BREAK_LONG - "[-p | -P" USAGE_LONG_PROXIABLE "] " - USAGE_BREAK_LONG + "[-f | -F | --forwardable | --noforwardable] " + USAGE_BREAK + "[-p | -P | --proxiable | --noproxiable] " + USAGE_BREAK "-n " - "[-a | -A" USAGE_LONG_ADDRESSES "] " - USAGE_BREAK_LONG - "[" USAGE_LONG_REQUESTPAC "] " - USAGE_BREAK_LONG - "[-C" USAGE_LONG_CANONICALIZE "] " + "[-a | -A | --addresses | --noaddresses] " USAGE_BREAK - "[-E" USAGE_LONG_ENTERPRISE "] " + "[--request-pac | --no-request-pac] " + USAGE_BREAK + "[-C | --canonicalize] " + USAGE_BREAK + "[-E | --enterprise] " USAGE_BREAK "[-v] [-R] " "[-k [-i|-t keytab_file]] " @@ -199,15 +193,17 @@ usage() } static krb5_context errctx; -static void extended_com_err_fn (const char *myprog, errcode_t code, - const char *fmt, va_list args) +static void +extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt, + va_list args) { const char *emsg; - emsg = krb5_get_error_message (errctx, code); - fprintf (stderr, "%s: %s ", myprog, emsg); - krb5_free_error_message (errctx, emsg); - vfprintf (stderr, fmt, args); - fprintf (stderr, "\n"); + + emsg = krb5_get_error_message(errctx, code); + fprintf(stderr, "%s: %s ", myprog, emsg); + krb5_free_error_message(errctx, emsg); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); } static int @@ -215,18 +211,13 @@ add_preauth_opt(struct k_opts *opts, char *av) { char *sep, *v; krb5_gic_opt_pa_data *p, *x; + size_t newsize = (opts->num_pa_opts + 1) * sizeof(*opts->pa_opts); + + x = realloc(opts->pa_opts, newsize); + if (x == NULL) + return ENOMEM; + opts->pa_opts = x; - if (opts->num_pa_opts == 0) { - opts->pa_opts = malloc(sizeof(krb5_gic_opt_pa_data)); - if (opts->pa_opts == NULL) - return ENOMEM; - } else { - size_t newsize = (opts->num_pa_opts + 1) * sizeof(krb5_gic_opt_pa_data); - x = realloc(opts->pa_opts, newsize); - if (x == NULL) - return ENOMEM; - opts->pa_opts = x; - } p = &opts->pa_opts[opts->num_pa_opts]; sep = strchr(av, '='); if (sep) { @@ -242,10 +233,7 @@ add_preauth_opt(struct k_opts *opts, char *av) } static char * -parse_options(argc, argv, opts) - int argc; - char **argv; - struct k_opts* opts; +parse_options(int argc, char **argv, struct k_opts *opts) { struct option long_options[] = { { "noforwardable", 0, NULL, 'F' }, @@ -260,7 +248,7 @@ parse_options(argc, argv, opts) { "no-request-pac", 0, &opts->not_request_pac, 1 }, { NULL, 0, NULL, 0 } }; - krb5_error_code code; + krb5_error_code ret; int errflg = 0; int i; @@ -271,16 +259,16 @@ parse_options(argc, argv, opts) break; case 'l': /* Lifetime */ - code = krb5_string_to_deltat(optarg, &opts->lifetime); - if (code != 0 || opts->lifetime == 0) { + ret = krb5_string_to_deltat(optarg, &opts->lifetime); + if (ret || opts->lifetime == 0) { fprintf(stderr, _("Bad lifetime value %s\n"), optarg); errflg++; } break; case 'r': /* Renewable Time */ - code = krb5_string_to_deltat(optarg, &opts->rlife); - if (code != 0 || opts->rlife == 0) { + ret = krb5_string_to_deltat(optarg, &opts->rlife); + if (ret || opts->rlife == 0) { fprintf(stderr, _("Bad lifetime value %s\n"), optarg); errflg++; } @@ -307,18 +295,18 @@ parse_options(argc, argv, opts) opts->no_addresses = 1; break; case 's': - code = krb5_string_to_deltat(optarg, &opts->starttime); - if (code != 0 || opts->starttime == 0) { + ret = krb5_string_to_deltat(optarg, &opts->starttime); + if (ret || opts->starttime == 0) { /* Parse as an absolute time; intentionally undocumented * but left for backwards compatibility. */ krb5_timestamp abs_starttime; - code = krb5_string_to_timestamp(optarg, &abs_starttime); - if (code != 0 || abs_starttime == 0) { + ret = krb5_string_to_timestamp(optarg, &abs_starttime); + if (ret || abs_starttime == 0) { fprintf(stderr, _("Bad start time value %s\n"), optarg); errflg++; } else { - opts->starttime = abs_starttime - time(0); + opts->starttime = ts_delta(abs_starttime, time(NULL)); } } break; @@ -332,8 +320,7 @@ parse_options(argc, argv, opts) opts->use_client_keytab = 1; break; case 't': - if (opts->keytab_name) - { + if (opts->keytab_name != NULL) { fprintf(stderr, _("Only one -t option allowed.\n")); errflg++; } else { @@ -341,10 +328,12 @@ parse_options(argc, argv, opts) } break; case 'T': - if (opts->armor_ccache) { + if (opts->armor_ccache != NULL) { fprintf(stderr, _("Only one armor_ccache\n")); errflg++; - } else opts->armor_ccache = optarg; + } else { + opts->armor_ccache = optarg; + } break; case 'R': opts->action = RENEW; @@ -353,8 +342,7 @@ parse_options(argc, argv, opts) opts->action = VALIDATE; break; case 'c': - if (opts->k5_out_cache_name) - { + if (opts->k5_out_cache_name != NULL) { fprintf(stderr, _("Only one -c option allowed\n")); errflg++; } else { @@ -362,7 +350,7 @@ parse_options(argc, argv, opts) } break; case 'I': - if (opts->k5_in_cache_name) { + if (opts->k5_in_cache_name != NULL) { fprintf(stderr, _("Only one -I option allowed\n")); errflg++; } else { @@ -370,10 +358,9 @@ parse_options(argc, argv, opts) } break; case 'X': - code = add_preauth_opt(opts, optarg); - if (code) - { - com_err(progname, code, _("while adding preauth option")); + ret = add_preauth_opt(opts, optarg); + if (ret) { + com_err(progname, ret, _("while adding preauth option")); errflg++; } break; @@ -398,59 +385,49 @@ parse_options(argc, argv, opts) } } - if (opts->forwardable && opts->not_forwardable) - { + if (opts->forwardable && opts->not_forwardable) { fprintf(stderr, _("Only one of -f and -F allowed\n")); errflg++; } - if (opts->proxiable && opts->not_proxiable) - { + if (opts->proxiable && opts->not_proxiable) { fprintf(stderr, _("Only one of -p and -P allowed\n")); errflg++; } - if (opts->request_pac && opts->not_request_pac) - { + if (opts->request_pac && opts->not_request_pac) { fprintf(stderr, _("Only one of --request-pac and --no-request-pac " "allowed\n")); errflg++; } - if (opts->addresses && opts->no_addresses) - { + if (opts->addresses && opts->no_addresses) { fprintf(stderr, _("Only one of -a and -A allowed\n")); errflg++; } - if (opts->keytab_name != NULL && opts->use_client_keytab == 1) - { + if (opts->keytab_name != NULL && opts->use_client_keytab == 1) { fprintf(stderr, _("Only one of -t and -i allowed\n")); errflg++; } if ((opts->keytab_name != NULL || opts->use_client_keytab == 1) && - opts->action != INIT_KT) - { + opts->action != INIT_KT) { opts->action = INIT_KT; fprintf(stderr, _("keytab specified, forcing -k\n")); } - if (argc - optind > 1) { fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"), - argv[optind+1]); + argv[optind + 1]); errflg++; } - if (errflg) { + if (errflg) usage(); - } - opts->principal_name = (optind == argc-1) ? argv[optind] : 0; + opts->principal_name = (optind == argc - 1) ? argv[optind] : 0; return opts->principal_name; } static int -k5_begin(opts, k5) - struct k_opts* opts; - struct k5_data* k5; +k5_begin(struct k_opts *opts, struct k5_data *k5) { - krb5_error_code code = 0; + krb5_error_code ret; int success = 0; int flags = opts->enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0; krb5_ccache defcache = NULL; @@ -459,17 +436,17 @@ k5_begin(opts, k5) const char *deftype = NULL; char *defrealm, *name; - code = krb5_init_context(&k5->ctx); - if (code) { - com_err(progname, code, _("while initializing Kerberos 5 library")); + ret = krb5_init_context(&k5->ctx); + if (ret) { + com_err(progname, ret, _("while initializing Kerberos 5 library")); return 0; } errctx = k5->ctx; if (opts->k5_out_cache_name) { - code = krb5_cc_resolve(k5->ctx, opts->k5_out_cache_name, &k5->out_cc); - if (code != 0) { - com_err(progname, code, _("resolving ccache %s"), + ret = krb5_cc_resolve(k5->ctx, opts->k5_out_cache_name, &k5->out_cc); + if (ret) { + com_err(progname, ret, _("resolving ccache %s"), opts->k5_out_cache_name); goto cleanup; } @@ -480,9 +457,9 @@ k5_begin(opts, k5) } else { /* Resolve the default ccache and get its type and default principal * (if it is initialized). */ - code = krb5_cc_default(k5->ctx, &defcache); - if (code) { - com_err(progname, code, _("while getting default ccache")); + ret = krb5_cc_default(k5->ctx, &defcache); + if (ret) { + com_err(progname, ret, _("while getting default ccache")); goto cleanup; } deftype = krb5_cc_get_type(k5->ctx, defcache); @@ -493,59 +470,58 @@ k5_begin(opts, k5) /* Choose a client principal name. */ if (opts->principal_name != NULL) { /* Use the specified principal name. */ - code = krb5_parse_name_flags(k5->ctx, opts->principal_name, flags, - &k5->me); - if (code) { - com_err(progname, code, _("when parsing name %s"), + ret = krb5_parse_name_flags(k5->ctx, opts->principal_name, flags, + &k5->me); + if (ret) { + com_err(progname, ret, _("when parsing name %s"), opts->principal_name); goto cleanup; } } else if (opts->anonymous) { /* Use the anonymous principal for the local realm. */ - code = krb5_get_default_realm(k5->ctx, &defrealm); - if (code) { - com_err(progname, code, _("while getting default realm")); + ret = krb5_get_default_realm(k5->ctx, &defrealm); + if (ret) { + com_err(progname, ret, _("while getting default realm")); goto cleanup; } - code = krb5_build_principal_ext(k5->ctx, &k5->me, - strlen(defrealm), defrealm, - strlen(KRB5_WELLKNOWN_NAMESTR), - KRB5_WELLKNOWN_NAMESTR, - strlen(KRB5_ANONYMOUS_PRINCSTR), - KRB5_ANONYMOUS_PRINCSTR, - 0); + ret = krb5_build_principal_ext(k5->ctx, &k5->me, + strlen(defrealm), defrealm, + strlen(KRB5_WELLKNOWN_NAMESTR), + KRB5_WELLKNOWN_NAMESTR, + strlen(KRB5_ANONYMOUS_PRINCSTR), + KRB5_ANONYMOUS_PRINCSTR, 0); krb5_free_default_realm(k5->ctx, defrealm); - if (code) { - com_err(progname, code, _("while building principal")); + if (ret) { + com_err(progname, ret, _("while building principal")); goto cleanup; } } else if (opts->action == INIT_KT && opts->use_client_keytab) { /* Use the first entry from the client keytab. */ - code = krb5_kt_client_default(k5->ctx, &keytab); - if (code) { - com_err(progname, code, + ret = krb5_kt_client_default(k5->ctx, &keytab); + if (ret) { + com_err(progname, ret, _("When resolving the default client keytab")); goto cleanup; } - code = k5_kt_get_principal(k5->ctx, keytab, &k5->me); + ret = k5_kt_get_principal(k5->ctx, keytab, &k5->me); krb5_kt_close(k5->ctx, keytab); - if (code) { - com_err(progname, code, + if (ret) { + com_err(progname, ret, _("When determining client principal name from keytab")); goto cleanup; } } else if (opts->action == INIT_KT) { /* Use the default host/service name. */ - code = krb5_sname_to_principal(k5->ctx, NULL, NULL, KRB5_NT_SRV_HST, - &k5->me); - if (code) { - com_err(progname, code, + ret = krb5_sname_to_principal(k5->ctx, NULL, NULL, KRB5_NT_SRV_HST, + &k5->me); + if (ret) { + com_err(progname, ret, _("when creating default server principal name")); goto cleanup; } if (k5->me->realm.data[0] == 0) { - code = krb5_unparse_name(k5->ctx, k5->me, &k5->name); - if (code == 0) { + ret = krb5_unparse_name(k5->ctx, k5->me, &k5->name); + if (ret == 0) { com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN, _("(principal %s)"), k5->name); } else { @@ -574,23 +550,22 @@ k5_begin(opts, k5) fprintf(stderr, _("Unable to identify user\n")); goto cleanup; } - code = krb5_parse_name_flags(k5->ctx, name, flags, &k5->me); - if (code) { - com_err(progname, code, _("when parsing name %s"), - name); + ret = krb5_parse_name_flags(k5->ctx, name, flags, &k5->me); + if (ret) { + com_err(progname, ret, _("when parsing name %s"), name); goto cleanup; } } if (k5->out_cc == NULL && krb5_cc_support_switch(k5->ctx, deftype)) { /* Use an existing cache for the client principal if we can. */ - code = krb5_cc_cache_match(k5->ctx, k5->me, &k5->out_cc); - if (code != 0 && code != KRB5_CC_NOTFOUND) { - com_err(progname, code, _("while searching for ccache for %s"), + ret = krb5_cc_cache_match(k5->ctx, k5->me, &k5->out_cc); + if (ret && ret != KRB5_CC_NOTFOUND) { + com_err(progname, ret, _("while searching for ccache for %s"), opts->principal_name); goto cleanup; } - if (code == 0) { + if (!ret) { if (opts->verbose) { fprintf(stderr, _("Using existing cache: %s\n"), krb5_cc_get_name(k5->ctx, k5->out_cc)); @@ -599,9 +574,9 @@ k5_begin(opts, k5) } else if (defcache_princ != NULL) { /* Create a new cache to avoid overwriting the initialized default * cache. */ - code = krb5_cc_new_unique(k5->ctx, deftype, NULL, &k5->out_cc); - if (code) { - com_err(progname, code, _("while generating new ccache")); + ret = krb5_cc_new_unique(k5->ctx, deftype, NULL, &k5->out_cc); + if (ret) { + com_err(progname, ret, _("while generating new ccache")); goto cleanup; } if (opts->verbose) { @@ -623,9 +598,9 @@ k5_begin(opts, k5) } if (opts->k5_in_cache_name) { - code = krb5_cc_resolve(k5->ctx, opts->k5_in_cache_name, &k5->in_cc); - if (code != 0) { - com_err(progname, code, _("resolving ccache %s"), + ret = krb5_cc_resolve(k5->ctx, opts->k5_in_cache_name, &k5->in_cc); + if (ret) { + com_err(progname, ret, _("resolving ccache %s"), opts->k5_in_cache_name); goto cleanup; } @@ -635,10 +610,9 @@ k5_begin(opts, k5) } } - - code = krb5_unparse_name(k5->ctx, k5->me, &k5->name); - if (code) { - com_err(progname, code, _("when unparsing name")); + ret = krb5_unparse_name(k5->ctx, k5->me, &k5->name); + if (ret) { + com_err(progname, ret, _("when unparsing name")); goto cleanup; } if (opts->verbose) @@ -656,33 +630,22 @@ cleanup: } static void -k5_end(k5) - struct k5_data* k5; +k5_end(struct k5_data *k5) { - if (k5->name) - krb5_free_unparsed_name(k5->ctx, k5->name); - if (k5->me) - krb5_free_principal(k5->ctx, k5->me); - if (k5->in_cc) + krb5_free_unparsed_name(k5->ctx, k5->name); + krb5_free_principal(k5->ctx, k5->me); + if (k5->in_cc != NULL) krb5_cc_close(k5->ctx, k5->in_cc); - if (k5->out_cc) + if (k5->out_cc != NULL) krb5_cc_close(k5->ctx, k5->out_cc); - if (k5->ctx) - krb5_free_context(k5->ctx); + krb5_free_context(k5->ctx); errctx = NULL; memset(k5, 0, sizeof(*k5)); } -static krb5_error_code -KRB5_CALLCONV -kinit_prompter( - krb5_context ctx, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[] -) +static krb5_error_code KRB5_CALLCONV +kinit_prompter(krb5_context ctx, void *data, const char *name, + const char *banner, int num_prompts, krb5_prompt prompts[]) { krb5_boolean *pwprompt = data; krb5_prompt_type *ptypes; @@ -694,34 +657,27 @@ kinit_prompter( if (ptypes != NULL && ptypes[i] == KRB5_PROMPT_TYPE_PASSWORD) *pwprompt = TRUE; } - return krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts); } static int -k5_kinit(opts, k5) - struct k_opts* opts; - struct k5_data* k5; +k5_kinit(struct k_opts *opts, struct k5_data *k5) { int notix = 1; krb5_keytab keytab = 0; krb5_creds my_creds; - krb5_error_code code = 0; + krb5_error_code ret; krb5_get_init_creds_opt *options = NULL; krb5_boolean pwprompt = FALSE; + krb5_address **addresses = NULL; int i; memset(&my_creds, 0, sizeof(my_creds)); - code = krb5_get_init_creds_opt_alloc(k5->ctx, &options); - if (code) + ret = krb5_get_init_creds_opt_alloc(k5->ctx, &options); + if (ret) goto cleanup; - /* - From this point on, we can goto cleanup because my_creds is - initialized. - */ - if (opts->lifetime) krb5_get_init_creds_opt_set_tkt_life(options, opts->lifetime); if (opts->rlife) @@ -738,63 +694,61 @@ k5_kinit(opts, k5) krb5_get_init_creds_opt_set_canonicalize(options, 1); if (opts->anonymous) krb5_get_init_creds_opt_set_anonymous(options, 1); - if (opts->addresses) - { - krb5_address **addresses = NULL; - code = krb5_os_localaddr(k5->ctx, &addresses); - if (code != 0) { - com_err(progname, code, _("getting local addresses")); + if (opts->addresses) { + ret = krb5_os_localaddr(k5->ctx, &addresses); + if (ret) { + com_err(progname, ret, _("getting local addresses")); goto cleanup; } krb5_get_init_creds_opt_set_address_list(options, addresses); } if (opts->no_addresses) krb5_get_init_creds_opt_set_address_list(options, NULL); - if (opts->armor_ccache) - krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache); + if (opts->armor_ccache != NULL) { + krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, + opts->armor_ccache); + } if (opts->request_pac) krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, TRUE); if (opts->not_request_pac) krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, FALSE); - if ((opts->action == INIT_KT) && opts->keytab_name) - { + if (opts->action == INIT_KT && opts->keytab_name != NULL) { #ifndef _WIN32 if (strncmp(opts->keytab_name, "KDB:", 4) == 0) { - code = kinit_kdb_init(&k5->ctx, - krb5_princ_realm(k5->ctx, k5->me)->data); - if (code != 0) { - com_err(progname, code, + ret = kinit_kdb_init(&k5->ctx, k5->me->realm.data); + if (ret) { + com_err(progname, ret, _("while setting up KDB keytab for realm %s"), - krb5_princ_realm(k5->ctx, k5->me)->data); + k5->me->realm.data); goto cleanup; } } #endif - code = krb5_kt_resolve(k5->ctx, opts->keytab_name, &keytab); - if (code != 0) { - com_err(progname, code, _("resolving keytab %s"), + ret = krb5_kt_resolve(k5->ctx, opts->keytab_name, &keytab); + if (ret) { + com_err(progname, ret, _("resolving keytab %s"), opts->keytab_name); goto cleanup; } if (opts->verbose) fprintf(stderr, _("Using keytab: %s\n"), opts->keytab_name); } else if (opts->action == INIT_KT && opts->use_client_keytab) { - code = krb5_kt_client_default(k5->ctx, &keytab); - if (code != 0) { - com_err(progname, code, _("resolving default client keytab")); + ret = krb5_kt_client_default(k5->ctx, &keytab); + if (ret) { + com_err(progname, ret, _("resolving default client keytab")); goto cleanup; } } for (i = 0; i < opts->num_pa_opts; i++) { - code = krb5_get_init_creds_opt_set_pa(k5->ctx, options, - opts->pa_opts[i].attr, - opts->pa_opts[i].value); - if (code != 0) { - com_err(progname, code, _("while setting '%s'='%s'"), + ret = krb5_get_init_creds_opt_set_pa(k5->ctx, options, + opts->pa_opts[i].attr, + opts->pa_opts[i].value); + if (ret) { + com_err(progname, ret, _("while setting '%s'='%s'"), opts->pa_opts[i].attr, opts->pa_opts[i].value); goto cleanup; } @@ -804,43 +758,39 @@ k5_kinit(opts, k5) } } if (k5->in_cc) { - code = krb5_get_init_creds_opt_set_in_ccache(k5->ctx, options, - k5->in_cc); - if (code) + ret = krb5_get_init_creds_opt_set_in_ccache(k5->ctx, options, + k5->in_cc); + if (ret) goto cleanup; } - code = krb5_get_init_creds_opt_set_out_ccache(k5->ctx, options, - k5->out_cc); - if (code) + ret = krb5_get_init_creds_opt_set_out_ccache(k5->ctx, options, k5->out_cc); + if (ret) goto cleanup; switch (opts->action) { case INIT_PW: - code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me, - 0, kinit_prompter, &pwprompt, - opts->starttime, - opts->service_name, - options); + ret = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me, 0, + kinit_prompter, &pwprompt, + opts->starttime, opts->service_name, + options); break; case INIT_KT: - code = krb5_get_init_creds_keytab(k5->ctx, &my_creds, k5->me, - keytab, - opts->starttime, - opts->service_name, - options); + ret = krb5_get_init_creds_keytab(k5->ctx, &my_creds, k5->me, keytab, + opts->starttime, opts->service_name, + options); break; case VALIDATE: - code = krb5_get_validated_creds(k5->ctx, &my_creds, k5->me, k5->out_cc, - opts->service_name); + ret = krb5_get_validated_creds(k5->ctx, &my_creds, k5->me, k5->out_cc, + opts->service_name); break; case RENEW: - code = krb5_get_renewed_creds(k5->ctx, &my_creds, k5->me, k5->out_cc, - opts->service_name); + ret = krb5_get_renewed_creds(k5->ctx, &my_creds, k5->me, k5->out_cc, + opts->service_name); break; } - if (code) { - char *doing = 0; + if (ret) { + char *doing = NULL; switch (opts->action) { case INIT_PW: case INIT_KT: @@ -856,41 +806,40 @@ k5_kinit(opts, k5) /* If reply decryption failed, or if pre-authentication failed and we * were prompted for a password, assume the password was wrong. */ - if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY || - (pwprompt && code == KRB5KDC_ERR_PREAUTH_FAILED)) { + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY || + (pwprompt && ret == KRB5KDC_ERR_PREAUTH_FAILED)) { fprintf(stderr, _("%s: Password incorrect while %s\n"), progname, doing); } else { - com_err(progname, code, _("while %s"), doing); + com_err(progname, ret, _("while %s"), doing); } goto cleanup; } - if ((opts->action != INIT_PW) && (opts->action != INIT_KT)) { - code = krb5_cc_initialize(k5->ctx, k5->out_cc, opts->canonicalize ? - my_creds.client : k5->me); - if (code) { - com_err(progname, code, _("when initializing cache %s"), - opts->k5_out_cache_name?opts->k5_out_cache_name:""); + if (opts->action != INIT_PW && opts->action != INIT_KT) { + ret = krb5_cc_initialize(k5->ctx, k5->out_cc, opts->canonicalize ? + my_creds.client : k5->me); + if (ret) { + com_err(progname, ret, _("when initializing cache %s"), + opts->k5_out_cache_name ? opts->k5_out_cache_name : ""); goto cleanup; } if (opts->verbose) fprintf(stderr, _("Initialized cache\n")); - code = krb5_cc_store_cred(k5->ctx, k5->out_cc, &my_creds); - if (code) { - com_err(progname, code, _("while storing credentials")); + ret = krb5_cc_store_cred(k5->ctx, k5->out_cc, &my_creds); + if (ret) { + com_err(progname, ret, _("while storing credentials")); goto cleanup; } if (opts->verbose) fprintf(stderr, _("Stored credentials\n")); } notix = 0; - if (k5->switch_to_cache) { - code = krb5_cc_switch(k5->ctx, k5->out_cc); - if (code) { - com_err(progname, code, _("while switching to new ccache")); + ret = krb5_cc_switch(k5->ctx, k5->out_cc); + if (ret) { + com_err(progname, ret, _("while switching to new ccache")); goto cleanup; } } @@ -901,24 +850,21 @@ cleanup: #endif if (options) krb5_get_init_creds_opt_free(k5->ctx, options); - if (my_creds.client == k5->me) { + if (my_creds.client == k5->me) my_creds.client = 0; - } if (opts->pa_opts) { free(opts->pa_opts); opts->pa_opts = NULL; opts->num_pa_opts = 0; } krb5_free_cred_contents(k5->ctx, &my_creds); - if (keytab) + if (keytab != NULL) krb5_kt_close(k5->ctx, keytab); - return notix?0:1; + return notix ? 0 : 1; } int -main(argc, argv) - int argc; - char **argv; +main(int argc, char *argv[]) { struct k_opts opts; struct k5_data k5; @@ -928,11 +874,11 @@ main(argc, argv) progname = GET_PROGNAME(argv[0]); /* Ensure we can be driven from a pipe */ - if(!isatty(fileno(stdin))) + if (!isatty(fileno(stdin))) setvbuf(stdin, 0, _IONBF, 0); - if(!isatty(fileno(stdout))) + if (!isatty(fileno(stdout))) setvbuf(stdout, 0, _IONBF, 0); - if(!isatty(fileno(stderr))) + if (!isatty(fileno(stderr))) setvbuf(stderr, 0, _IONBF, 0); memset(&opts, 0, sizeof(opts)); @@ -940,7 +886,7 @@ main(argc, argv) memset(&k5, 0, sizeof(k5)); - set_com_err_hook (extended_com_err_fn); + set_com_err_hook(extended_com_err_fn); parse_options(argc, argv, &opts); |