in common/util.hpp [805:880]
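/**
 * Obtain a Kerberos ticket for the account whose credentials are stored in
 * AWS Secrets Manager, using the in-process kinit entry point.
 *
 * Accepted secret layouts (first non-empty key wins):
 *   - "username" / "password" / "distinguishedName"
 *   - "usernameOfStandardUserAccount" / "passwordOfStandardUserAccount" /
 *     "distinguishedNameOfgMSA"
 * The distinguished name is optional and is only passed back to the caller.
 *
 * @param domain_name        Kerberos realm appended to the username; it is
 *                           upper-cased here before forming the principal.
 * @param aws_sm_secret_name Name of the Secrets Manager secret to read.
 * @param cf_logger          Logger used for the optional DN message.
 * @return pair(status, distinguished_name). status is the non-zero code from
 *         Util::check_util_binaries_permissions() if that check fails, -1 when
 *         the secret is missing or carries no username/password, otherwise the
 *         return value of my_kinit_main(). distinguished_name is empty unless
 *         the secret supplied one.
 */
static std::pair<int, std::string> generate_krb_ticket_using_secret_vault(
    std::string domain_name, std::string aws_sm_secret_name, CF_logger& cf_logger )
{
    // Do not touch credentials at all if the helper binaries fail the permission check.
    std::pair<int, std::string> result = Util::check_util_binaries_permissions();
    if ( result.first != 0 )
    {
        return result;
    }

    std::string username;
    std::string password;
    std::string distinguished_name;

    Json::Value root = Util::get_secret_from_secrets_manager( aws_sm_secret_name );
    if ( root == Json::nullValue )
    {
        return std::make_pair( -1, "ERROR: username and password not found in secret" );
    }

    username = root["username"].asString();
    if ( username.empty() )
    {
        username = root["usernameOfStandardUserAccount"].asString();
    }
    password = root["password"].asString();
    if ( password.empty() )
    {
        password = root["passwordOfStandardUserAccount"].asString();
    }
    distinguished_name = root["distinguishedName"].asString();
    if ( distinguished_name.empty() )
    {
        distinguished_name = root["distinguishedNameOfgMSA"].asString();
    }

    // A secret that exists but has neither key pair must not reach kinit;
    // without this guard the principal would be "@DOMAIN" with an empty password.
    if ( username.empty() || password.empty() )
    {
        Util::clearString( username );
        Util::clearString( password );
        return std::make_pair( -1, "ERROR: username and password not found in secret" );
    }

    if ( !distinguished_name.empty() )
    {
        // The DN is not secret material. It is kept at LOG_ERR (as before) so it
        // is always emitted; NOTE(review): LOG_INFO may be more appropriate.
        std::string dn_msg = "[Optional] DN from Secrets Manager = " + distinguished_name;
        std::cerr << dn_msg << std::endl;
        cf_logger.logger( LOG_ERR, dn_msg.c_str() );
    }

    // Upper-case the realm part of the principal.
    std::transform( domain_name.begin(), domain_name.end(), domain_name.begin(),
                    []( unsigned char c ) { return std::toupper( c ); } );

    // kinit through the API entry point rather than a shell pipeline, so the
    // password never appears on a command line. argv is NULL-terminated like a
    // real argv; argc stays 2 as the helper has always been called — TODO confirm
    // against my_kinit_main's argument handling.
    username = username + "@" + domain_name;
    char* kinit_argv[] = { const_cast<char*>( "my_kinit" ), &username[0], &password[0], nullptr };
    int ret = my_kinit_main( 2, kinit_argv );

    // Best-effort scrubbing of in-memory credentials. NOTE(review): `root` still
    // holds its own copy of the password until it goes out of scope, and the
    // buffer released when username was re-assigned above is not reachable here;
    // clearString cannot cover those.
    Util::clearString( username );
    Util::clearString( password );

    return std::make_pair( ret, distinguished_name );
}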