From 180a76dd3dda775ffb1d48550a971f84dca2ca95 Mon Sep 17 00:00:00 2001 From: saikiranakula-amzn Date: Thu, 25 May 2023 17:15:53 +0000 Subject: [PATCH 1/2] Use krb apis --- auth/kerberos/src/krb.cpp | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/auth/kerberos/src/krb.cpp b/auth/kerberos/src/krb.cpp index 4cf9d470..3575218c 100644 --- a/auth/kerberos/src/krb.cpp +++ b/auth/kerberos/src/krb.cpp @@ -73,7 +73,7 @@ static std::pair exec_shell_cmd( std::string cmd ) * If the host is domain-joined, the result is of the form EC2AMAZ-Q5VJZQ$@CONTOSO.COM' * @param domain_name: Expected domain name as per configuration * @return result pair (error-code - 0 if successful - * string of the form EC2AMAZ-Q5VJZQ$@CONTOSO .COM') + * string of the form EC2AMAZ-Q5VJZQ$@CONTOSO.COM') */ static std::pair get_machine_principal( std::string domain_name, creds_fetcher::CF_logger& cf_logger ) { @@ -258,7 +258,7 @@ int get_user_krb_ticket( std::string domain_name, std::string aws_sm_secret_name []( unsigned char c ) { return std::toupper( c ); } ); // kinit using api interface - char *kinit_argv[2]; + char *kinit_argv[3]; kinit_argv[0] = (char *)"my_kinit"; username = username + "@" + domain_name; @@ -292,6 +292,7 @@ int get_domainless_user_krb_ticket( std::string domain_name, std::string usernam creds_fetcher::CF_logger& cf_logger ) { std::pair result; + int ret; std::pair cmd = exec_shell_cmd( "which hostname" ); rtrim( cmd.second ); 
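Review bot: `kinit_argv` in the `@@ -258,7 +258,7` hunk (get_user_krb_ticket) now has three slots, but the layout my_kinit_main expects is not documented, and the `@@ -316,14 +317,19` hunk passes the same kind of array as `my_kinit_main(2, kinit_argv)` with the password stored at `kinit_argv[2]`, one element past the argc it is given. my_kinit_main is not visible here, so whether it deliberately reads the password beyond argc needs confirming; if it does, a comment at both sites such as `// argv[2] carries the password and is intentionally excluded from argc` would stop a later cleanup from dropping the slot or bumping argc. The call in get_user_krb_ticket lies outside this hunk, so check that it uses the same count. Passing the password as its own parameter instead of an argv slot would make the contract explicit and remove the `(char *)` casts on `c_str()`.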
@@ -316,14 +317,19 @@ int get_domainless_user_krb_ticket( std::string domain_name, std::string usernam std::transform( domain_name.begin(), domain_name.end(), domain_name.begin(), []( unsigned char c ) { return std::toupper( c ); } ); - std::string kinit_cmd = "echo '" + password + "' | kinit -V " + username + "@" + - domain_name; + + // kinit using api interface + char *kinit_argv[3]; + + kinit_argv[0] = (char *)"my_kinit"; + username = username + "@" + domain_name; + kinit_argv[1] = (char *)username.c_str(); + kinit_argv[2] = (char *)password.c_str(); + ret = my_kinit_main(2, kinit_argv); username = "xxxx"; password = "xxxx"; - result = exec_shell_cmd( kinit_cmd ); - kinit_cmd = "xxxx"; - return result.first; + return ret; } From 7f2c7115b978c33f2d6c093841cff2d235edcfc7 Mon Sep 17 00:00:00 2001 From: Samiullah Mohammed Date: Thu, 25 May 2023 10:24:32 -0700 Subject: [PATCH 2/2] Update krb.cpp Added minor comment --- auth/kerberos/src/krb.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/auth/kerberos/src/krb.cpp b/auth/kerberos/src/krb.cpp index 3575218c..67b96073 100644 --- a/auth/kerberos/src/krb.cpp +++ b/auth/kerberos/src/krb.cpp @@ -329,6 +329,7 @@ int get_domainless_user_krb_ticket( std::string domain_name, std::string usernam username = "xxxx"; password = "xxxx"; + //TODO: nit - return pair later return ret; }
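Review bot: The scrubbing after the call in get_domainless_user_krb_ticket, `username = "xxxx"; password = "xxxx";`, does not clear the secret: assigning a four-character literal to a `std::string` typically overwrites only the start of the existing buffer, so the tail of a longer password stays in process memory. Wiping the whole buffer before the reassignment, e.g. `explicit_bzero(&password[0], password.size());`, would match the intent, though copies held by callers or made inside my_kinit_main stay untouched. `ret` is returned without being logged even though the function receives `cf_logger`; a failed kinit deserves a log line that carries the return code but not the credentials. The `std::pair result;` declaration kept by the `@@ -292,6 +292,7` hunk looks unused now that `exec_shell_cmd( kinit_cmd )` is gone, unless code outside these hunks still needs it.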