authorGreg Hudson <ghudson@mit.edu>2008-12-29 17:12:54 +0000
committerGreg Hudson <ghudson@mit.edu>2008-12-29 17:12:54 +0000
commitc27165044b675285c475ad31dccf7570a8471035 (patch)
tree302b10073949422b0919f1d64b7230c7c737ec7f /src
parent67a9ec5448fed3027c47cad959a991da06792953 (diff)
Revert r21589, and export krb5_get_fallback_host_realm instead
Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good an answer as libzephyr could have gotten before referrals went in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/include/k5-int.h4
-rw-r--r--src/include/krb5/krb5.hin4
-rw-r--r--src/lib/krb5/krb/gc_frm_kdc.c15
-rw-r--r--src/lib/krb5/libkrb5.exports1
-rw-r--r--src/lib/krb5/os/hst_realm.c15
-rw-r--r--src/util/collected-client-lib/libcollected.exports1
6 files changed, 26 insertions, 14 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 611bddf..883de3e 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -538,10 +538,6 @@ krb5int_locate_server (krb5_context, const krb5_data *realm,
struct addrlist *, enum locate_service_type svc,
int sockettype, int family);
-krb5_error_code
-krb5int_get_fallback_host_realm (krb5_context, krb5_data *hdata,
- char **realmp);
-
/* new encryption provider api */
struct krb5_enc_provider {
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 4848178..accde60 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -2099,6 +2099,10 @@ krb5_error_code KRB5_CALLCONV krb5_get_host_realm
(krb5_context,
const char *,
char *** );
+krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
+ (krb5_context,
+ krb5_data *,
+ char *** );
krb5_error_code KRB5_CALLCONV krb5_free_host_realm
(krb5_context,
char * const * );
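Review bot: The new public prototype for `krb5_get_fallback_host_realm` does not say how the `char ***` result is laid out or who releases it, which matters now that the symbol is exported to callers outside the library. Going by the hst_realm.c hunk in this commit, the result is a two-slot, NULL-terminated list holding one realm string, so a comment above the declaration such as `/* On success *realmsp is a NULL-terminated list; release it with krb5_free_host_realm(). */` would state the contract (assuming the adjacent krb5_free_host_realm is the intended release call). The `krb5_data *` host argument is also non-const; if the implementation never writes through it, which is not visible here, `const krb5_data *` would match the `const char *` taken by krb5_get_host_realm.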
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index 801ea9f..90a49d6 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -787,7 +787,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
krb5_principal client, server, supplied_server, out_supplied_server;
krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
krb5_boolean old_use_conf_ktypes;
- char *hrealm;
+ char **hrealms;
unsigned int referral_count, i;
/*
@@ -1021,22 +1021,23 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
*/
if (krb5_is_referral_realm(&supplied_server->realm)) {
if (server->length >= 2) {
- retval=krb5int_get_fallback_host_realm(context, &server->data[1],
- &hrealm);
+ retval=krb5_get_fallback_host_realm(context, &server->data[1],
+ &hrealms);
if (retval) goto cleanup;
#if 0
DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
- hrealm));
+ hrealms[0]));
#endif
krb5_free_data_contents(context,&in_cred->server->realm);
- server->realm.data=hrealm;
- server->realm.length=strlen(hrealm);
+ server->realm.data=hrealms[0];
+ server->realm.length=strlen(hrealms[0]);
+ free(hrealms);
}
else {
/*
* Problem case: Realm tagged for referral but apparently not
* in a <type>/<host> format that
- * krb5int_get_fallback_host_realm can deal with.
+ * krb5_get_fallback_host_realm can deal with.
*/
DPRINTF(("gc_from_kdc: referral specified "
"but no fallback realm avaiable!\n"));
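Review bot: `free(hrealms)` releases only the list container while `hrealms[0]` stays alive as `server->realm.data`, and nothing at the call site records that ownership of the string has moved. A later cleanup that replaces this call with krb5_free_host_realm() would presumably free the string as well and leave `server->realm` pointing at released memory, so a comment above the `free` such as `/* hrealms[0] now belongs to server->realm; free only the list. */` is worth adding. The enclosing krb5_get_cred_from_kdc_opt starts and ends outside this hunk, so how the cleanup path later disposes of `server->realm` cannot be checked from here.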
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 9b12be9..cabfc23 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -262,6 +262,7 @@ krb5_get_default_config_files
krb5_get_default_in_tkt_ktypes
krb5_get_default_realm
krb5_get_error_message
+krb5_get_fallback_host_realm
krb5_get_host_realm
krb5_get_in_tkt
krb5_get_in_tkt_with_keytab
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index a97ca6d..36c0e48 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -335,9 +335,9 @@ krb5int_translate_gai_error (int num)
*/
krb5_error_code KRB5_CALLCONV
-krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
- char **realmp)
+krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)
{
+ char **retrealms;
char *realm, *cp;
krb5_error_code retval;
char local_host[MAXDNAME+1], host[MAXDNAME+1];
@@ -417,7 +417,16 @@ krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
return retval;
}
- *realmp = realm;
+ if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
+ if (realm != (char *)NULL)
+ free(realm);
+ return ENOMEM;
+ }
+
+ retrealms[0] = realm;
+ retrealms[1] = 0;
+
+ *realmsp = retrealms;
return 0;
}
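Review bot: The success path returns a list whose first entry is NULL if `realm` can be NULL at this point, which the `realm != (char *)NULL` test in the new ENOMEM branch suggests is considered possible; the caller changed in gc_frm_kdc.c then passes `hrealms[0]` straight to `strlen`. If the code above the hunk (not visible) already guarantees a non-NULL realm, the test can go, since `free(NULL)` is a no-op; otherwise return an error before allocating, e.g. `if (realm == NULL) return KRB5_ERR_HOST_REALM_UNKNOWN;`. Two smaller style points: the `(char **)` cast on `calloc` is unnecessary in C, and `retrealms[1] = 0;` repeats what `calloc` already zeroed.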
diff --git a/src/util/collected-client-lib/libcollected.exports b/src/util/collected-client-lib/libcollected.exports
index 8c124d1..fb91133 100644
--- a/src/util/collected-client-lib/libcollected.exports
+++ b/src/util/collected-client-lib/libcollected.exports
@@ -177,6 +177,7 @@ krb5_auth_con_getauthenticator
krb5_read_password
krb5_aname_to_localname
krb5_get_host_realm
+krb5_get_fallback_host_realm
krb5_free_host_realm
krb5_auth_con_genaddrs
krb5_set_real_time