/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
*
* Copyright (C) 2002, 2003 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/* Solaris Kerberos */
#include <libintl.h>
#include <locale.h>
#include "k5-int.h"
/*ARGSUSED*/
static krb5_error_code
void *prompter_data,
void *gak_data)
{
/* if there's already a key of the correct etype, we're done.
if the etype is wrong, free the existing key, and make
a new one. */
return(0);
}
if (!krb5_c_valid_enctype(etype))
return(KRB5_PROG_ETYPE_NOSUPP);
/* Solaris Kerberos */
0, /* don't have vno available */
return(ret);
/* again, krb5's memory management is lame... */
return(ret);
}
char *in_tkt_service,
{
int use_master;
if (arg_keytab == NULL) {
return ret;
} else {
keytab = arg_keytab;
}
"krb5_get_init_creds_keytab");
if (ret)
return ret;
/*
* Solaris Kerberos:
* If "client" was constructed from krb5_sname_to_princ() it may
* have a referral realm. This happens when there is no applicable
* domain-to-realm mapping in the Kerberos configuration file.
* If that is the case then the realm of the first principal found
* in the keytab which matches the client can be used for the client's
* realm.
*/
if (ret == 0) {
} else {
/* Try to set a useful error message */
gettext("Failed to find realm for %s in keytab"),
if (princ)
}
}
if (ret != 0)
goto cleanup;
use_master = 0;
/* first try: get the requested tkt from any kdc */
krb5_get_as_key_keytab, (void *) keytab,
&use_master,NULL);
/* check for success */
if (ret == 0)
goto cleanup;
/* If all the kdc's are unavailable fail */
goto cleanup;
/* if the reply did not come from the master kdc, try again with
the master kdc */
if (!use_master) {
use_master = 1;
krb5_get_as_key_keytab, (void *) keytab,
&use_master, NULL);
if (ret2 == 0) {
ret = 0;
goto cleanup;
}
/* if the master is unreachable, return the error from the
slave we were able to contact */
if ((ret2 == KRB5_KDC_UNREACH) ||
(ret2 == KRB5_REALM_CANT_RESOLVE) ||
(ret2 == KRB5_REALM_UNKNOWN))
goto cleanup;
}
/* at this point, we have a response from the master. Since we don't
do any prompting or changing for keytabs, that's it. */
if (arg_keytab == NULL)
return(ret);
}
{
int use_master = 0;
if (retval)
return retval;
if (arg_keytab == NULL) {
if (retval)
return retval;
}
else keytab = arg_keytab;
if (retval)
goto cleanup;
krb5_get_as_key_keytab, (void *)keytab,
if (retval) {
goto cleanup;
}
/* store it in the ccache! */
if (ccache)
goto cleanup;
return retval;
}