authorGreg Hudson <ghudson@mit.edu>2016-08-25 15:37:23 -0400
committerGreg Hudson <ghudson@mit.edu>2016-09-06 16:33:49 -0400
commita2ff1d95a8c3c455fc70d7ef6644fa4dabf96549 (patch)
treed561d3eaf95f981329acabf583c207b61391c593 /src/slave
parenta0b43869cfeff5ded73460c8cc89472ac995a6d7 (diff)
Consolidate sn2princ_realm() in kprop and kpropd
In kprop and kpropd, factor out the duplicated implementation of sn2princ_with_realm() into kprop_util.c. Rename it to sn2princ_realm(), remove the type parameter, and require the sname parameter to be specified. Rewrite the function to use krb5_expand_hostname(), avoiding an unnecessary hostrealm lookup.
Diffstat (limited to 'src/slave')
-rw-r--r--src/slave/kprop.c37
-rw-r--r--src/slave/kprop.h4
-rw-r--r--src/slave/kprop_util.c31
-rw-r--r--src/slave/kpropd.c36
4 files changed, 43 insertions, 65 deletions
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index e80ecab..5bff5de 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -182,35 +182,6 @@ parse_args(krb5_context context, int argc, char **argv)
}
}
-/* Runs krb5_sname_to_principal with a substitute realm
- * Duplicated in kpropd.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
-
static void
get_tickets(krb5_context context)
{
@@ -220,8 +191,8 @@ get_tickets(krb5_context context)
krb5_principal server_princ = NULL;
/* Figure out what tickets we'll be using to send. */
- retval = sn2princ_with_realm(context, NULL, NULL, KRB5_NT_SRV_HST, realm,
- &my_principal);
+ retval = sn2princ_realm(context, NULL, KPROP_SERVICE_NAME, realm,
+ &my_principal);
if (retval) {
com_err(progname, errno, _("while setting client principal name"));
exit(1);
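Review bot: The failure path right after the new `sn2princ_realm()` call still passes `errno` to `com_err()`, but the helper reports failure through its return value (for example whatever `krb5_expand_hostname()` returns), so the message can show an unrelated or zero error; it should read `com_err(progname, retval, _("while setting client principal name"));`. The same applies to the server-principal call in the next hunk of `get_tickets()`, whereas the kpropd.c callers already pass `retval`. Separately, this call used to pass a NULL service name and now passes `KPROP_SERVICE_NAME`; the macro's definition is not visible here, so it is worth confirming that it matches the previous default, since the client principal is presumably what the receiving kpropd authorizes. `get_tickets()` continues outside the hunk.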
@@ -229,8 +200,8 @@ get_tickets(krb5_context context)
/* Construct the principal name for the slave host. */
memset(&creds, 0, sizeof(creds));
- retval = sn2princ_with_realm(context, slave_host, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server_princ);
+ retval = sn2princ_realm(context, slave_host, KPROP_SERVICE_NAME, realm,
+ &server_princ);
if (retval) {
com_err(progname, errno, _("while setting server principal name"));
exit(1);
diff --git a/src/slave/kprop.h b/src/slave/kprop.h
index a4aa39a..dbbda43 100644
--- a/src/slave/kprop.h
+++ b/src/slave/kprop.h
@@ -37,3 +37,7 @@
int sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
krb5_address **dest);
+
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out);
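Review bot: The new prototype is the only shared declaration of `sn2princ_realm()` and states no contract, although kprop.c and kpropd.c now both depend on it. A short comment above it would help, along the lines of `/* Build sname/<canonical host>@realm; hostname may be NULL for the local host, sname and realm must not be NULL. Free *princ_out with krb5_free_principal(). */`. According to the definition in kprop_util.c the host part comes from `krb5_expand_hostname()`, so the comment could also say that the resulting name presumably depends on the host's name-resolution configuration.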
diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c
index beaf1c8..f182554 100644
--- a/src/slave/kprop_util.c
+++ b/src/slave/kprop_util.c
@@ -65,3 +65,34 @@ sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
return krb5_copy_addr(context, &addr, dest);
}
+
+/* Construct a host-based principal, similar to krb5_sname_to_principal() but
+ * with a specified realm. */
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out)
+{
+ krb5_error_code ret;
+ char *canonhost, localname[MAXHOSTNAMELEN];
+
+ *princ_out = NULL;
+ assert(sname != NULL && realm != NULL);
+
+ /* If hostname is NULL, use the local hostname. */
+ if (hostname == NULL) {
+ if (gethostname(localname, MAXHOSTNAMELEN) != 0)
+ return SOCKET_ERRNO;
+ hostname = localname;
+ }
+
+ ret = krb5_expand_hostname(context, hostname, &canonhost);
+ if (ret)
+ return ret;
+
+ ret = krb5_build_principal(context, princ_out, strlen(realm), realm, sname,
+ canonhost, (char *)NULL);
+ krb5_free_string(context, canonhost);
+ if (!ret)
+ (*princ_out)->type = KRB5_NT_SRV_HST;
+ return ret;
+}
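Review bot: `gethostname()` is not required to NUL-terminate `localname` when the host name is truncated to the buffer size, and the buffer is then passed straight to `krb5_expand_hostname()`; adding `localname[sizeof(localname) - 1] = '\0';` after the successful call bounds that read. The `assert(sname != NULL && realm != NULL)` also replaces the old `EINVAL` return for a NULL realm, so in a build with `NDEBUG` a NULL realm would reach `strlen(realm)`; if that can happen outside developer builds, keep an explicit `if (sname == NULL || realm == NULL) return EINVAL;`. Whether `<assert.h>` is already included in kprop_util.c is not visible in this hunk.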
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index ef64222..056c31a 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -601,34 +601,6 @@ full_resync(CLIENT *clnt)
return (status == RPC_SUCCESS) ? &clnt_res : NULL;
}
-/* Runs krb5_sname_to_principal with a substitute realm.
- * Duplicated in kprop.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
/*
* Beg for incrementals from the KDC.
*
@@ -671,8 +643,8 @@ do_iprop()
}
}
- retval = sn2princ_with_realm(kpropd_context, NULL, KIPROP_SVC_NAME,
- KRB5_NT_SRV_HST, realm, &iprop_svc_principal);
+ retval = sn2princ_realm(kpropd_context, NULL, KIPROP_SVC_NAME, realm,
+ &iprop_svc_principal);
if (retval) {
com_err(progname, retval,
_("while trying to construct host service principal"));
@@ -1176,8 +1148,8 @@ parse_args(char **argv)
}
/* Construct service name from local hostname. */
- retval = sn2princ_with_realm(kpropd_context, NULL, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server);
+ retval = sn2princ_realm(kpropd_context, NULL, KPROP_SERVICE_NAME, realm,
+ &server);
if (retval) {
com_err(progname, retval,
_("while trying to construct my service name"));