diff options
| author | Tom Yu <tlyu@mit.edu> | 2004-06-16 03:11:54 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2004-06-16 03:11:54 +0000 |
| commit | 02c51b4f59b6c86c2112cd10a209322ad1cbb0c6 (patch) | |
| tree | 708bc38a3e15681fd669df856517dcd52e0d5d47 /src/lib/kadm5/clnt/client_init.c | |
| parent | 2584d8a1f09cc0bf93708474c11a3012bedac42b (diff) | |
| download | krb5-02c51b4f59b6c86c2112cd10a209322ad1cbb0c6.zip krb5-02c51b4f59b6c86c2112cd10a209322ad1cbb0c6.tar.gz krb5-02c51b4f59b6c86c2112cd10a209322ad1cbb0c6.tar.bz2 | |
This commit merges the RPCSEC_GSS integration branch onto the trunk.
Remaining work includes:
* Default to using kadmin/fqdn for SEAM compatibility
* Namespace cleanups and other API tweaks -- this API is not stable yet
* Fix lib/rpc/unit-test testsuite to test RPCSEC_GSS in addition to
AUTH_GSSAPI
Additional work will be tracked in separate tickets. This merge is
bracketed between the tags "tlyu-umich-rpc-merge-pre" and
"tlyu-umich-rpc-merge-post".
ticket: 2578
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16467 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5/clnt/client_init.c')
| -rw-r--r-- | src/lib/kadm5/clnt/client_init.c | 41 |
1 files changed, 29 insertions, 12 deletions
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index cfe1381..93768ea 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -55,6 +55,7 @@ #define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX" +static int old_auth_gssapi = 0; enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS }; @@ -221,6 +222,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, realm = params_local.realm = (char *) params_in; if (params_in) params_local.mask = KADM5_CONFIG_REALM; + + /* Use old AUTH_GSSAPI for version 1 protocol. */ + params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI; params_in = ¶ms_local; } else { if (params_in && (params_in->mask & KADM5_CONFIG_REALM)) @@ -485,19 +489,29 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, } #ifndef INIT_TEST - handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, - &gssstat, - &minor_stat, - gss_client_creds, - gss_target, - (gss_OID) gss_mech_krb5, - GSS_C_MUTUAL_FLAG - | GSS_C_REPLAY_FLAG, - 0, - NULL, - NULL, - NULL); + if (params_in != NULL && + (params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) { + handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, + &gssstat, + &minor_stat, + gss_client_creds, + gss_target, + (gss_OID) gss_mech_krb5, + GSS_C_MUTUAL_FLAG + | GSS_C_REPLAY_FLAG, + 0, + NULL, + NULL, + NULL); + } else { + struct rpc_gss_sec sec; + sec.mech = gss_mech_krb5; + sec.qop = GSS_C_QOP_DEFAULT; + sec.svc = RPCSEC_GSS_SVC_PRIVACY; + handle->clnt->cl_auth = authgss_create(handle->clnt, + gss_target, &sec); + } (void) gss_release_name(&minor_stat, &gss_target); #endif /* ! INIT_TEST */ @@ -524,6 +538,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, r = init_1(&handle->api_version, handle->clnt); if (r == NULL) { code = KADM5_RPC_ERROR; +#ifdef DEBUG + clnt_perror(handle->clnt, "init_1 null resp"); +#endif goto error; } if (r->code) { |