From: Andreas Schneider Date: Thu, 17 Dec 2015 17:54:19 +0000 (+0100) Subject: Add kinit PAC request options X-Git-Tag: krb5-1.15-beta1~209 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5c8e57b77d440dbce565579e10e279acfde4674;p=thirdparty%2Fkrb5.git Add kinit PAC request options Add --request-pac and --no-request-pac options to kinit, to explicitly request inclusion or exclusion of PAC authorization data. ticket: 7985 --- diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index c039241d49..f24c319c1b 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -88,11 +88,13 @@ struct k_opts int forwardable; int proxiable; + int request_pac; int anonymous; int addresses; int not_forwardable; int not_proxiable; + int not_request_pac; int no_addresses; int verbose; @@ -128,18 +130,6 @@ struct k5_data stored in *(struct[2]), the array index which was specified is stored in *index, and long_getopt() returns 0. */ -struct option long_options[] = { - { "noforwardable", 0, NULL, 'F' }, - { "noproxiable", 0, NULL, 'P' }, - { "addresses", 0, NULL, 'a'}, - { "forwardable", 0, NULL, 'f' }, - { "proxiable", 0, NULL, 'p' }, - { "noaddresses", 0, NULL, 'A' }, - { "canonicalize", 0, NULL, 'C' }, - { "enterprise", 0, NULL, 'E' }, - { NULL, 0, NULL, 0 } -}; - const char *shopts = "r:fpFPn54aAVl:s:c:kit:T:RS:vX:CEI:"; static void @@ -152,6 +142,7 @@ usage() #define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" #define USAGE_LONG_CANONICALIZE " | --canonicalize" #define USAGE_LONG_ENTERPRISE " | --enterprise" +#define USAGE_LONG_REQUESTPAC "--request-pac | --no-request-pac" #define USAGE_BREAK_LONG USAGE_BREAK fprintf(stderr, "Usage: %s [-V] " @@ -165,6 +156,8 @@ usage() "-n " "[-a | -A" USAGE_LONG_ADDRESSES "] " USAGE_BREAK_LONG + "[" USAGE_LONG_REQUESTPAC "] " + USAGE_BREAK_LONG "[-C" USAGE_LONG_CANONICALIZE "] " USAGE_BREAK "[-E" USAGE_LONG_ENTERPRISE "] " @@ -254,6 +247,19 @@ parse_options(argc, argv, opts) char **argv; struct k_opts* opts; { + struct option long_options[] = { + { "noforwardable", 0, NULL, 'F' }, + { "noproxiable", 0, NULL, 'P' }, + { "addresses", 0, NULL, 'a'}, + { "forwardable", 0, NULL, 'f' }, + { "proxiable", 0, NULL, 'p' }, + { "noaddresses", 0, NULL, 'A' }, + { "canonicalize", 0, NULL, 'C' }, + { "enterprise", 0, NULL, 'E' }, + { "request-pac", 0, &opts->request_pac, 1 }, + { "no-request-pac", 0, &opts->not_request_pac, 1 }, + { NULL, 0, NULL, 0 } + }; krb5_error_code code; int errflg = 0; int i; @@ -383,6 +389,9 @@ parse_options(argc, argv, opts) break; case '5': break; + case 0: + /* If this option set a flag, do nothing else now. */ + break; default: errflg++; break; @@ -399,6 +408,12 @@ parse_options(argc, argv, opts) fprintf(stderr, _("Only one of -p and -P allowed\n")); errflg++; } + if (opts->request_pac && opts->not_request_pac) + { + fprintf(stderr, _("Only one of --request-pac and --no-request-pac " + "allowed\n")); + errflg++; + } if (opts->addresses && opts->no_addresses) { fprintf(stderr, _("Only one of -a and -A allowed\n")); @@ -727,6 +742,10 @@ k5_kinit(opts, k5) krb5_get_init_creds_opt_set_address_list(options, NULL); if (opts->armor_ccache) krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache); + if (opts->request_pac) + krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, TRUE); + if (opts->not_request_pac) + krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, FALSE); if ((opts->action == INIT_KT) && opts->keytab_name)