authorTom Yu <tlyu@mit.edu>2004-06-16 03:11:54 +0000
committerTom Yu <tlyu@mit.edu>2004-06-16 03:11:54 +0000
commit02c51b4f59b6c86c2112cd10a209322ad1cbb0c6 (patch)
tree708bc38a3e15681fd669df856517dcd52e0d5d47 /src/lib/kadm5
parent2584d8a1f09cc0bf93708474c11a3012bedac42b (diff)
This commit merges the RPCSEC_GSS integration branch onto the trunk.
Remaining work includes: * Default to using kadmin/fqdn for SEAM compatibility * Namespace cleanups and other API tweaks -- this API is not stable yet * Fix lib/rpc/unit-test testsuite to test RPCSEC_GSS in addition to AUTH_GSSAPI Additional work will be tracked in separate tickets. This merge is bracketed between the tags "tlyu-umich-rpc-merge-pre" and "tlyu-umich-rpc-merge-post". ticket: 2578 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16467 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r--src/lib/kadm5/ChangeLog8
-rw-r--r--src/lib/kadm5/admin.h6
-rw-r--r--src/lib/kadm5/alt_prof.c34
-rw-r--r--src/lib/kadm5/clnt/ChangeLog8
-rw-r--r--src/lib/kadm5/clnt/client_init.c41
-rw-r--r--src/lib/kadm5/clnt/client_principal.c34
6 files changed, 104 insertions, 27 deletions
diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog
index 0eb995f0c5..24bc4077fc 100644
--- a/src/lib/kadm5/ChangeLog
+++ b/src/lib/kadm5/ChangeLog
@@ -1,3 +1,11 @@
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * admin.h (kadm5_get_admin_service_name): Prototype for new function.
+ (KADM5_CONFIG_OLD_AUTH_GSSAPI): New flag to force old AUTH_GSSAPI
+ flavor.
+
+ * alt_prof.c (kadm5_get_admin_service_name): New function.
+
2004-02-12 Tom Yu <tlyu@mit.edu>
* configure.in: Invoke PRIOCNTL_HACK.
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index c2236ae51e..b64b80756d 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -121,7 +121,8 @@ typedef long kadm5_ret_t;
#define KADM5_CONFIG_DICT_FILE 0x020000
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
-
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
+
/*
* permission bits
*/
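Review bot: KADM5_CONFIG_OLD_AUTH_GSSAPI at line 49 is the one mask bit in this group whose effect is not obvious from its name, and nothing in the header says what "old" means or which code honours it. The only consumer visible in this commit is the flavor selection in _kadm5_init_any, which uses the bit to pick auth_gssapi_create over authgss_create. A one-line comment on the define, `/* force the legacy AUTH_GSSAPI RPC flavor instead of RPCSEC_GSS */`, would make the bit self-describing for the config-params readers that set it.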
@@ -287,6 +288,9 @@ krb5_error_code kadm5_free_config_params(krb5_context context,
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
kadm5_config_params *params);
+
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+ char *, size_t);
#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
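Review bot: the prototype at lines 58-59 drops every parameter name, so a reader of admin.h cannot tell which of the two `char *` arguments is the realm and which is the output buffer, nor that `size_t` is the size of the second one. The definition in alt_prof.c names them, so the header can too: `krb5_error_code kadm5_get_admin_service_name(krb5_context ctx, char *realm, char *admin_name, size_t maxlen);`. A short comment above it, saying that it writes the "kadmin/<fqdn>" service name for the realm's admin server into admin_name and returns ENOMEM when maxlen is too small, would document the contract the implementation enforces.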
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 659068badc..23258c9a9e 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -768,6 +768,40 @@ kadm5_free_config_params(context, params)
return(0);
}
+krb5_error_code
+kadm5_get_admin_service_name(krb5_context ctx,
+ char *realm_in,
+ char *admin_name,
+ size_t maxlen)
+{
+ krb5_error_code ret;
+ kadm5_config_params params_in, params_out;
+ struct hostent *hp;
+
+ memset(&params_in, 0, sizeof(params_in));
+ memset(&params_out, 0, sizeof(params_out));
+
+ params_in.mask |= KADM5_CONFIG_ADMIN_SERVER;
+ ret = kadm5_get_config_params(ctx, NULL, NULL, &params_in, &params_out);
+ if (ret)
+ return ret;
+
+ hp = gethostbyname(params_out.admin_server);
+ if (hp == NULL) {
+ ret = errno;
+ goto err_params;
+ }
+ if (strlen(hp->h_name) + sizeof("kadmin/") > maxlen) {
+ ret = ENOMEM;
+ goto err_params;
+ }
+ sprintf(admin_name, "kadmin/%s", hp->h_name);
+
+err_params:
+ free(params_out.admin_server);
+ return ret;
+}
+
/***********************************************************************
* This is the old krb5_realm_read_params, which I mutated into
* kadm5_get_config_params but which old code (kdb5_* and krb5kdc)
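Review bot: `realm_in` is never used in kadm5_get_admin_service_name: the lookup at line 83 passes NULL profile arguments and a params_in whose mask requests only KADM5_CONFIG_ADMIN_SERVER, so the admin server of the default realm is resolved no matter which realm the caller asked for, which is exactly the case a multi-realm client would call this for. The gethostbyname failure path at line 89 also copies errno, which gethostbyname does not necessarily set (it reports through h_errno), so the function can return 0 without ever writing admin_name and the caller then uses an uninitialised buffer as a service principal. The realm can be passed the way _kadm5_init_any does at lines 130-132, via params_in.realm and KADM5_CONFIG_REALM, and the lookup failure should map to a definite non-zero code. Two further points worth a comment rather than a change here: gethostbyname is not reentrant, and deriving the target principal from the DNS canonical name h_name means whoever controls the client's resolver chooses which kadmin/... principal it will authenticate to, which is a pre-existing design property of the admin client but deserves to be stated next to this code.
```c
    memset(&params_in, 0, sizeof(params_in));
    memset(&params_out, 0, sizeof(params_out));

    /* Resolve admin_server for the requested realm, not just the default. */
    if (realm_in != NULL) {
        params_in.realm = realm_in;
        params_in.mask |= KADM5_CONFIG_REALM;
    }
    params_in.mask |= KADM5_CONFIG_ADMIN_SERVER;
    /* … unchanged: kadm5_get_config_params call and its error return … */

    /* NOTE(review): h_name comes from DNS; a spoofed lookup selects the
     * service principal we will authenticate to.  gethostbyname is also
     * not reentrant. */
    hp = gethostbyname(params_out.admin_server);
    if (hp == NULL) {
        /* gethostbyname reports via h_errno; errno may still be 0. */
        ret = errno ? errno : EINVAL;
        goto err_params;
    }
    /* … unchanged: length check, sprintf, cleanup … */
```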
diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog
index eb947834f1..ef1846c0f6 100644
--- a/src/lib/kadm5/clnt/ChangeLog
+++ b/src/lib/kadm5/clnt/ChangeLog
@@ -1,3 +1,11 @@
+2004-06-15 Tom Yu <tlyu@mit.edu>
+
+ * client_principal.c (eret): Add some debugging messages for some
+ RPC errors.
+
+ * client_init.c (_kadm5_init_any): Add support for RPCSEC_GSS.
+ Default to using AUTH_GSSAPI for ovsec.
+
2004-06-04 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBBASE): Renamed from LIB.
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index cfe1381d9d..93768eafc3 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -55,6 +55,7 @@
#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+static int old_auth_gssapi = 0;
enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
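Review bot: `old_auth_gssapi` at line 127 is added as a file-scope static, but nothing in the hunks of this file reads or writes it; the flavor choice at line 154 keys off KADM5_CONFIG_OLD_AUTH_GSSAPI in params_in->mask instead. If it is not referenced elsewhere in client_init.c it should be dropped, since an unused global that sounds like the switch for the legacy flavor will mislead the next reader. If it is used outside these hunks, a comment such as `/* non-zero: force the legacy AUTH_GSSAPI RPC flavor for this handle */` would say what it controls and how it relates to the config flag.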
@@ -221,6 +222,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
realm = params_local.realm = (char *) params_in;
if (params_in)
params_local.mask = KADM5_CONFIG_REALM;
+
+ /* Use old AUTH_GSSAPI for version 1 protocol. */
+ params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
params_in = &params_local;
} else {
if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
@@ -485,19 +489,29 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
}
#ifndef INIT_TEST
- handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- (gss_OID) gss_mech_krb5,
- GSS_C_MUTUAL_FLAG
- | GSS_C_REPLAY_FLAG,
- 0,
- NULL,
- NULL,
- NULL);
+ if (params_in != NULL &&
+ (params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+ handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+ &gssstat,
+ &minor_stat,
+ gss_client_creds,
+ gss_target,
+ (gss_OID) gss_mech_krb5,
+ GSS_C_MUTUAL_FLAG
+ | GSS_C_REPLAY_FLAG,
+ 0,
+ NULL,
+ NULL,
+ NULL);
+ } else {
+ struct rpc_gss_sec sec;
+ sec.mech = gss_mech_krb5;
+ sec.qop = GSS_C_QOP_DEFAULT;
+ sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+ handle->clnt->cl_auth = authgss_create(handle->clnt,
+ gss_target, &sec);
+ }
(void) gss_release_name(&minor_stat, &gss_target);
#endif /* ! INIT_TEST */
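Review bot: in the RPCSEC_GSS branch at lines 169-174 only mech, qop and svc of `sec` are set, and `gss_client_creds`, which the AUTH_GSSAPI branch still hands to auth_gssapi_create, is not passed to authgss_create at all. If struct rpc_gss_sec carries a credential and a request-flags member, they are left holding stack garbage here, and the credentials this function acquired earlier are silently not the ones the new flavor uses, nor is GSS_C_MUTUAL_FLAG requested as it is on the old path. Zero the struct first with `memset(&sec, 0, sizeof(sec));`, then set `sec.cred = gss_client_creds;` and `sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;` so both flavors authenticate with the same credential and the same mutual-authentication requirement. _kadm5_init_any starts and ends outside this hunk, so whether handle->clnt->cl_auth is checked for NULL afterwards is not visible; it needs to be, since authgss_create can fail the same way auth_gssapi_create can.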
@@ -524,6 +538,9 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
r = init_1(&handle->api_version, handle->clnt);
if (r == NULL) {
code = KADM5_RPC_ERROR;
+#ifdef DEBUG
+ clnt_perror(handle->clnt, "init_1 null resp");
+#endif
goto error;
}
if (r->code) {
diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
index e364d2df49..972a7b3219 100644
--- a/src/lib/kadm5/clnt/client_principal.c
+++ b/src/lib/kadm5/clnt/client_principal.c
@@ -16,6 +16,12 @@ static char *rcsid = "$Header$";
#endif
#include "client_internal.h"
+#ifdef DEBUG
+#define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
+#else
+#define eret() do { return KADM5_RPC_ERROR; } while (0)
+#endif
+
kadm5_ret_t
kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t princ, long mask,
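Review bot: the `eret()` macro at lines 196 and 198 hides both a `return` and a reference to the local `handle`, neither of which is visible at the call sites that replace `return KADM5_RPC_ERROR;` in the rest of this file. Taking the handle as an argument makes the dependency explicit and stops the macro from breaking, under DEBUG only, in any function that names its handle differently: `#define eret(h) do { clnt_perror((h)->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)` and, in the non-DEBUG branch, `#define eret(h) do { return KADM5_RPC_ERROR; } while (0)`. A comment above the `#ifdef DEBUG`, `/* Return KADM5_RPC_ERROR for a NULL RPC reply, printing the clnt error under DEBUG. */`, would also tell a reader what the macro is for without tracing the call sites.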
@@ -69,7 +75,7 @@ kadm5_create_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -130,7 +136,7 @@ kadm5_create_principal_3(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -149,7 +155,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
arg.api_version = handle->api_version;
r = delete_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -202,7 +208,7 @@ kadm5_modify_principal(void *server_handle,
krb5_free_principal(handle->context, arg.rec.mod_name);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -227,7 +233,7 @@ kadm5_get_principal(void *server_handle,
arg.api_version = handle->api_version;
r = get_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
kadm5_principal_ent_t_v1 *entp;
@@ -267,7 +273,7 @@ kadm5_get_principals(void *server_handle,
arg.api_version = handle->api_version;
r = get_princs_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if(r->code == 0) {
*count = r->count;
*princs = r->princs;
@@ -296,7 +302,7 @@ kadm5_rename_principal(void *server_handle,
return EINVAL;
r = rename_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -318,7 +324,7 @@ kadm5_chpass_principal(void *server_handle,
return EINVAL;
r = chpass_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -345,7 +351,7 @@ kadm5_chpass_principal_3(void *server_handle,
return EINVAL;
r = chpass_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -368,7 +374,7 @@ kadm5_setv4key_principal(void *server_handle,
return EINVAL;
r = setv4key_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -393,7 +399,7 @@ kadm5_setkey_principal(void *server_handle,
return EINVAL;
r = setkey_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -423,7 +429,7 @@ kadm5_setkey_principal_3(void *server_handle,
return EINVAL;
r = setkey_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
return r->code;
}
@@ -451,7 +457,7 @@ kadm5_randkey_principal_3(void *server_handle,
return EINVAL;
r = chrand_principal3_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);
@@ -499,7 +505,7 @@ kadm5_randkey_principal(void *server_handle,
return EINVAL;
r = chrand_principal_1(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ eret();
if (handle->api_version == KADM5_API_VERSION_1) {
if (key)
krb5_copy_keyblock(handle->context, &r->key, key);