Query, Need help for building principal and retrieving service cred from cache.


Santosh Kumar
All,
Could you please help with some information? I'm replacing the Heimdal calls
with MIT ones.


char * serverRealm = "CSQALAB.NET";
char * HTTPSVC = "HTTP";
char * server = "Parent-2K16.csqalab.net";


krb5_creds inCred, outCred;
memset(&inCred, 0, sizeof(inCred));
memset(&outCred, 0, sizeof(outCred));
#if heimdal
        /* server principal HTTP/<server>@<realm>; client left unset */
        m_error = krb5_make_principal(m_context, &inCred.server,
                                      serverRealm, HTTPSVC, server, NULL);
        if (m_error == 0) {
             m_error = krb5_cc_retrieve_cred(m_context, m_cache, flags,
                                             &inCred, &outCred);
        }
#endif

#if MIT
        /* same server principal built with the MIT call; client left unset */
        m_error = krb5_build_principal_ext(m_context, &inCred.server,
                                           strlen(serverRealm), serverRealm,
                                           strlen(HTTPSVC), HTTPSVC,
                                           strlen(server), server,
                                           0);
        if (m_error == 0) {
             m_error = krb5_cc_retrieve_cred(m_context, m_cache, flags,
                                             &inCred, &outCred);
        }
#endif

I'm getting a crash:

(gdb) bt
#0  0xf7673f60 in krb5_principal_compare_flags (context=0xa449930,
princ1=0x0, princ2=0xa444ab0, flags=0) at princ_comp.c:108
#1  0xf7674183 in krb5_principal_compare (context=0xa449930, princ1=0x0,
princ2=0xa444ab0) at princ_comp.c:169
#2  0xf764f1ec in standard_fields_match (context=0xa449930, whichfields=0,
mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:67
#3  krb5int_cc_creds_match_request (context=0xa449930, whichfields=0,
mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:172
#4  0xf764f842 in krb5_cc_retrieve_cred_seq (context=0xa449930,
id=0xa44ae70, whichfields=0, mcreds=0xfff48dc8, creds=0xfff48d74,
nktypes=0, ktypes=0x0) at cc_retr.c:233
#5  0xf764faa0 in krb5_cc_retrieve_cred_default (context=0xa449930,
id=0xa44ae70, flags=0, mcreds=0xfff48dc8, creds=0xfff48d74) at cc_retr.c:290
#6  0xf76533c9 in krb5_mcc_retrieve (context=0xa449930, id=0xa44ae70,
whichfields=0, mcreds=0xfff48dc8, creds=0xfff48d74) at cc_memory.c:591
#7  0xf76540c2 in krb5_cc_retrieve_cred (context=0xa449930,
cache=0xa44ae70, flags=0, mcreds=0xfff48dc8, creds=0xfff48d74) at
ccfns.c:126


Should I use  code = krb5int_construct_matching_creds(context, options,
in_creds,  &mcreds, &fields); before calling retrieve from cache?
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Query, Need help for building principal and retrieving service cred from cache.

Greg Hudson
On 11/26/2018 06:30 AM, Santosh Kumar wrote:
>   I'm getting a crash:
>
> (gdb) bt
> #0  0xf7673f60 in krb5_principal_compare_flags (context=0xa449930,
> princ1=0x0, princ2=0xa444ab0, flags=0) at princ_comp.c:108
> #1  0xf7674183 in krb5_principal_compare (context=0xa449930, princ1=0x0,
> princ2=0xa444ab0) at princ_comp.c:169
> #2  0xf764f1ec in standard_fields_match (context=0xa449930, whichfields=0,
> mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:67

You need to set a client principal in the matching cred.  Heimdal allows
searching for just the server principal, but MIT's library does not.

>   Should I use  code = krb5int_construct_matching_creds(context, options,
> in_creds,  &mcreds, &fields); before calling retrieve from cache?

That's an internal function (as indicated by the "int" in the prefix),
so you can't use it in an application.

Re: Query, Need help for building principal and retrieving service cred from cache.

Santosh Kumar
Greg,

Thank you, the crash is fixed by the additional build_principal for the client
principal.

Now, while retrieving from the cache: "Matching credential not found"


char * serverRealm = "PCSQALAB.NET";
char * HTTPSVC = "HTTP";
char * server = "Parent-2K16.pcsqalab.net";


krb5_creds inCred, outCred;
memset(&inCred, 0, sizeof(inCred)); memset(&outCred, 0, sizeof(outCred));


        m_error = krb5_build_principal_ext(m_context, &inCred.server,
                                           strlen(serverRealm), serverRealm,
                                           strlen(HTTPSVC), HTTPSVC,
                                           strlen(server), server,
                                           0);

        m_error = krb5_build_principal_ext(m_context, &inCred.client,
                                           strlen(serverRealm), serverRealm,
                                           strlen(serverRealm), serverRealm,
                                           0);

        flags = 0;
        /* need 3rd service ticket from the below cache. */
        m_error = krb5_cc_retrieve_cred(m_context, m_cache, flags,
                                        &inCred, &outCred);

Below are the cache contents:
Ticket cache: FILE:/tmp/krb5cc_36073
Default principal: host/[hidden email]

Valid starting     Expires            Service principal
11/26/18 15:49:44  11/27/18 01:49:44  krbtgt/[hidden email]    -----(1)
        renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  host/[hidden email]      ------(2)
        for client leema\@[hidden email], renew until 12/03/18 15:49:44
11/26/18 15:50:15  11/27/18 01:49:44  http/[hidden email]      ------(3)
        for client leema\@[hidden email], renew until 12/03/18 15:49:44


Am I building the wrong client or server principal? Could you/anyone please
suggest?

On Mon, Nov 26, 2018 at 10:47 PM Greg Hudson <[hidden email]> wrote:

> On 11/26/2018 06:30 AM, Santosh Kumar wrote:
> >   I'm getting a crash:
> >
> > (gdb) bt
> > #0  0xf7673f60 in krb5_principal_compare_flags (context=0xa449930,
> > princ1=0x0, princ2=0xa444ab0, flags=0) at princ_comp.c:108
> > #1  0xf7674183 in krb5_principal_compare (context=0xa449930, princ1=0x0,
> > princ2=0xa444ab0) at princ_comp.c:169
> > #2  0xf764f1ec in standard_fields_match (context=0xa449930, whichfields=0,
> > mcreds=0xfff48dc8, creds=0xfff48ba0) at cc_retr.c:67
>
> You need to set a client principal in the matching cred.  Heimdal allows
> searching for just the server principal, but MIT's library does not.
>
> >   Should I use  code = krb5int_construct_matching_creds(context, options,
> > in_creds,  &mcreds, &fields); before calling retrieve from cache?
>
> That's an internal function (as indicated by the "int" in the prefix),
> so you can't use it in an application.
>

Re: Query, Need help for building principal and retrieving service cred from cache.

Greg Hudson
On 11/27/2018 05:24 AM, Santosh Kumar wrote:
> now while retrieving from cache -  "Matching credential not found"
[...]
> Am I building the wrong client or server principal, could you/anyone
> please suggest.

From klist, the client principal is leema\@[hidden email],
while the code appears to be constructing [hidden email].

Re: Query, Need help for building principal and retrieving service cred from cache.

Santosh Kumar
It's working. Thank you.

On Tue, Nov 27, 2018 at 10:52 PM Greg Hudson <[hidden email]> wrote:

> On 11/27/2018 05:24 AM, Santosh Kumar wrote:
> > now while retrieving from cache -  "Matching credential not found"
> [...]
> > Am I building the wrong client or server principal, could you/anyone
> > please suggest.
>
> From klist, the client principal is leema\@[hidden email],
> while the code appears to be constructing [hidden email].
>
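
Added example, not part of the original thread and not MIT or Heimdal code: a simplified C model of the matching rule Greg Hudson describes, where a cache entry is returned only when both the client and the server principal of the request equal the entry's. The types, function names and EXAMPLE.NET principals are constructed for illustration; the three lookups reproduce the thread's cases (no client, realm used as the client name, the ticket's real client).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for krb5_principal and krb5_creds (not the real types). */
struct princ { const char *realm; const char *comp[3]; };  /* comp is NULL-terminated */
struct cred  { const struct princ *client, *server; };
enum { NOT_FOUND = -1, BAD_REQUEST = -2 };

/* Exact match: same realm, same components, same component count. */
static int princ_eq(const struct princ *a, const struct princ *b)
{
    size_t i = 0;
    if (strcmp(a->realm, b->realm) != 0)
        return 0;
    while (a->comp[i] && b->comp[i] && strcmp(a->comp[i], b->comp[i]) == 0)
        i++;
    return a->comp[i] == NULL && b->comp[i] == NULL;
}

/* Index of the entry whose client AND server match; a missing client is refused, not dereferenced. */
int retrieve(const struct cred *cache, size_t n, const struct cred *want)
{
    if (want == NULL || want->client == NULL || want->server == NULL)
        return BAD_REQUEST;
    for (size_t i = 0; i < n; i++)
        if (princ_eq(want->client, cache[i].client) &&
            princ_eq(want->server, cache[i].server))
            return (int)i;
    return NOT_FOUND;
}

/* Constructed cache shaped like the klist listing in the thread. */
static const struct princ host  = { "EXAMPLE.NET", { "host", "web1.example.net", NULL } };
static const struct princ tgt   = { "EXAMPLE.NET", { "krbtgt", "EXAMPLE.NET", NULL } };
static const struct princ http  = { "EXAMPLE.NET", { "http", "web1.example.net", NULL } };
static const struct princ user  = { "EXAMPLE.NET", { "alice@corp.example", NULL } };
static const struct princ bogus = { "EXAMPLE.NET", { "EXAMPLE.NET", NULL } };  /* realm as name */
static const struct cred sample_cache[3] = { { &host, &tgt }, { &user, &host }, { &user, &http } };

int lookup_http(const struct princ *client)
{
    return retrieve(sample_cache, 3, &(struct cred){ client, &http });
}

int main(void)
{
    printf("%d %d %d\n", lookup_http(NULL), lookup_http(&bogus), lookup_http(&user));
    return 0;
}
```

In the thread's cache the two service tickets are listed "for client ...", so the client to put in the match credential is that ticket client, not the cache's default principal.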