authorTom Yu <tlyu@mit.edu>2004-06-16 01:49:50 +0000
committerTom Yu <tlyu@mit.edu>2004-06-16 01:49:50 +0000
commitb73aeda471c20da30f54aa3f85a74a79c0e9a163 (patch)
tree0eec23aaa52554919b6de8092df57fb7ce8e918f
parentd7e356e114e98010f63470bc7e381dd381aa2329 (diff)
* client_principal.c (eret): Add some debugging messages for some
RPC errors. * client_init.c (_kadm5_init_any): Add support for RPCSEC_GSS. Default to using AUTH_GSSAPI for ovsec. ticket: 2578 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/branches/tlyu-umich-rpc@16459 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/kadm5/clnt/ChangeLog8
-rw-r--r--src/lib/kadm5/clnt/client_init.c41
-rw-r--r--src/lib/kadm5/clnt/client_principal.c34
3 files changed, 57 insertions, 26 deletions
diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog
index 8978acf..9b6e26d 100644
--- a/src/lib/kadm5/clnt/ChangeLog
+++ b/src/lib/kadm5/clnt/ChangeLog
@@ -1,3 +1,11 @@
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * client_principal.c (eret): Add some debugging messages for some
+ RPC errors.
+
+ * client_init.c (_kadm5_init_any): Add support for RPCSEC_GSS.
+ Default to using AUTH_GSSAPI for ovsec.
+
2003-12-13 Ken Raeburn <raeburn@mit.edu>
* client_init.c (enctypes): Variable deleted.
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index cfe1381..93768ea 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -55,6 +55,7 @@
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+static int old_auth_gssapi = 0;
enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
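Review bot: The new file-scope `old_auth_gssapi` is not read or assigned in any hunk of this commit; the flavour is selected from `params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI` instead. If it is a leftover from an earlier approach it should be dropped so that there is only one source of truth for which authentication flavour is in use. If it is meant to be used elsewhere in the file, a comment such as `/* nonzero: force AUTH_GSSAPI regardless of params mask */` would say how it relates to the mask bit.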
@@ -221,6 +222,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
realm = params_local.realm = (char *) params_in;
if (params_in)
params_local.mask = KADM5_CONFIG_REALM;
+
+ /* Use old AUTH_GSSAPI for version 1 protocol. */
+ params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
params_in = &params_local;
} else {
if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
@@ -485,19 +489,29 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
}
#ifndef INIT_TEST
- handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- (gss_OID) gss_mech_krb5,
- GSS_C_MUTUAL_FLAG
- | GSS_C_REPLAY_FLAG,
- 0,
- NULL,
- NULL,
- NULL);
+ if (params_in != NULL &&
+ (params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+ handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+ &gssstat,
+ &minor_stat,
+ gss_client_creds,
+ gss_target,
+ (gss_OID) gss_mech_krb5,
+ GSS_C_MUTUAL_FLAG
+ | GSS_C_REPLAY_FLAG,
+ 0,
+ NULL,
+ NULL,
+ NULL);
+ } else {
+ struct rpc_gss_sec sec;
+ sec.mech = gss_mech_krb5;
+ sec.qop = GSS_C_QOP_DEFAULT;
+ sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+ handle->clnt->cl_auth = authgss_create(handle->clnt,
+ gss_target, &sec);
+ }
(void) gss_release_name(&minor_stat, &gss_target);
#endif /* ! INIT_TEST */
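Review bot: The new RPCSEC_GSS branch omits two things the AUTH_GSSAPI branch passes explicitly, `gss_client_creds` and the `GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG` request flags. Nothing visible here shows how `authgss_create` chooses credentials or context flags, so it is worth confirming that this path does not fall back to the process default credential or skip mutual authentication. `struct rpc_gss_sec sec` is filled member by member; if the struct has members beyond `mech`, `qop` and `svc`, they are passed with indeterminate values, so `memset(&sec, 0, sizeof(sec));` before the assignments would be safer. Whether `handle->clnt->cl_auth` is checked for NULL is not visible, since the hunk ends inside `_kadm5_init_any`.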
@@ -524,6 +538,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
r = init_1(&handle->api_version, handle->clnt);
if (r == NULL) {
code = KADM5_RPC_ERROR;
+#ifdef DEBUG
+ clnt_perror(handle->clnt, "init_1 null resp");
+#endif
goto error;
}
if (r->code) {
diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
index e364d2d..972a7b3 100644
--- a/src/lib/kadm5/clnt/client_principal.c
+++ b/src/lib/kadm5/clnt/client_principal.c
@@ -16,6 +16,12 @@ static char *rcsid = "$Header$";
#endif
#include "client_internal.h"
+#ifdef DEBUG
+#define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
+#else
+#define eret() do { return KADM5_RPC_ERROR; } while (0)
+#endif
+
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ, long mask,
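Review bot: `eret()` hides a `return` and depends on a local named `handle` being in scope at every call site, so the `if(r == NULL) eret();` lines in the following hunks read like ordinary calls that fall through. A comment above the macro, e.g. `/* Returns KADM5_RPC_ERROR from the enclosing function; requires a local 'handle'. */`, would make both facts explicit. Taking the handle as a macro argument would remove the implicit dependency. This applies to every call site in the remaining hunks of this file; `kadm5_create_principal` continues outside this hunk.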
@@ -69,7 +75,7 @@ kadm5_create_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -130,7 +136,7 @@ kadm5_create_principal_3(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -149,7 +155,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
arg.api_version = handle->api_version;
r = delete_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -202,7 +208,7 @@ kadm5_modify_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -227,7 +233,7 @@ kadm5_get_principal(void *server_handle,
arg.api_version = handle->api_version;
r = get_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
kadm5_principal_ent_t_v1 *entp;
@@ -267,7 +273,7 @@ kadm5_get_principals(void *server_handle,
arg.api_version = handle->api_version;
r = get_princs_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if(r->code == 0) {
*count = r->count;
*princs = r->princs;
@@ -296,7 +302,7 @@ kadm5_rename_principal(void *server_handle,
return EINVAL;
r = rename_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -318,7 +324,7 @@ kadm5_chpass_principal(void *server_handle,
return EINVAL;
r = chpass_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -345,7 +351,7 @@ kadm5_chpass_principal_3(void *server_handle,
return EINVAL;
r = chpass_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -368,7 +374,7 @@ kadm5_setv4key_principal(void *server_handle,
return EINVAL;
r = setv4key_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -393,7 +399,7 @@ kadm5_setkey_principal(void *server_handle,
return EINVAL;
r = setkey_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -423,7 +429,7 @@ kadm5_setkey_principal_3(void *server_handle,
return EINVAL;
r = setkey_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -451,7 +457,7 @@ kadm5_randkey_principal_3(void *server_handle,
return EINVAL;
r = chrand_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
@@ -499,7 +505,7 @@ kadm5_randkey_principal(void *server_handle,
return EINVAL;
r = chrand_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);