Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 28 | ||||
-rw-r--r-- | src/lib/krb5/krb/gic_keytab.c | 12 | ||||
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 16 | ||||
-rw-r--r-- | src/lib/krb5/os/changepw.c | 23 | ||||
-rw-r--r-- | src/lib/krb5/os/locate_kdc.c | 151 | ||||
-rw-r--r-- | src/lib/krb5/os/os-proto.h | 3 | ||||
-rw-r--r-- | src/lib/krb5/os/sendto_kdc.c | 27 | ||||
-rw-r--r-- | src/lib/krb5/os/t_std_conf.c | 4 |
8 files changed, 93 insertions, 171 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index c1c6df1606..9686f578a8 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -84,13 +84,13 @@ static krb5_error_code make_preauth_list PROTOTYPE((krb5_context,
 */
 static krb5_error_code
 send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
- master)
+ use_master)
 krb5_context context;
 krb5_kdc_req *request;
 krb5_timestamp *time_now;
 krb5_error ** ret_err_reply;
 krb5_kdc_rep ** ret_as_reply;
- int * master;
+ int use_master;
 {
 krb5_kdc_rep *as_reply = 0;
 krb5_error_code retval;
@@ -116,7 +116,7 @@ send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
 k4_version = packet->data[0];
 retval = krb5_sendto_kdc(context, packet,
 krb5_princ_realm(context, request->client),
- &reply, master);
+ &reply, use_master);
 krb5_free_data(context, packet);
 if (retval)
 goto cleanup;
@@ -559,7 +559,7 @@ cleanup:
 return (retval);
 }
-/* begin appdefaults parsing code. This should almost certainly move
+/* begin libdefaults parsing code. This should almost certainly move
 somewhere else, but I don't know where the correct somewhere else is yet. */
@@ -595,7 +595,7 @@ _krb5_conf_boolean(s)
 }
 static krb5_error_code
-krb5_appdefault_string(context, realm, option, ret_value)
+krb5_libdefault_string(context, realm, option, ret_value)
 krb5_context context;
 const krb5_data *realm;
 const char *option;
@@ -673,7 +673,7 @@ goodbye:
 /* as well as the DNS code */
 krb5_error_code
-krb5_appdefault_boolean(context, realm, option, ret_value)
+krb5_libdefault_boolean(context, realm, option, ret_value)
 krb5_context context;
 const char *option;
 const krb5_data *realm;
@@ -682,7 +682,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
 char *string = NULL;
 krb5_error_code retval;
- retval = krb5_appdefault_string(context, realm, option, &string);
+ retval = krb5_libdefault_string(context, realm, option, &string);
 if (retval)
 return(retval);
@@ -696,7 +696,7 @@ krb5_appdefault_boolean(context, realm, option, ret_value)
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 start_time, in_tkt_service, options, gak_fct, gak_data,
- master, as_reply)
+ use_master, as_reply)
 krb5_context context;
 krb5_creds *creds;
 krb5_principal client;
@@ -707,7 +707,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 krb5_get_init_creds_opt *options;
 krb5_gic_get_as_key_fct gak_fct;
 void *gak_data;
- int *master;
+ int use_master;
 krb5_kdc_rep **as_reply;
 {
 krb5_error_code ret;
@@ -751,7 +751,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
 tempint = options->forwardable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
 "forwardable", &tempint)) == 0)
 ;
 else
@@ -763,7 +763,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
 tempint = options->proxiable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
 "proxiable", &tempint)) == 0)
 ;
 else
@@ -775,7 +775,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
 renew_life = options->renew_life;
- } else if ((ret = krb5_appdefault_string(context, &client->realm,
+ } else if ((ret = krb5_libdefault_string(context, &client->realm,
 "renew_lifetime", &tempstr)) == 0) {
 if (ret = krb5_string_to_deltat(tempstr, &renew_life)) {
@@ -868,7 +868,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 }
 /* it would be nice if this parsed out an address list, but that would be work. */
- else if (((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if (((ret = krb5_libdefault_boolean(context, &client->realm,
 "noaddresses", &tempint)) == 0) && tempint) {
 ;
@@ -923,7 +923,7 @@ krb5_get_init_creds(context, creds, client, prompter, prompter_data,
 err_reply = 0;
 local_as_reply = 0;
 if ((ret = send_as_request(context, &request, &time_now, &err_reply,
- &local_as_reply, master)))
+ &local_as_reply, use_master)))
 goto cleanup;
 if (err_reply) {
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 8b6f23199e..ad33fb9908 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -61,7 +61,7 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
 krb5_get_init_creds_opt *options;
 {
 krb5_error_code ret, ret2;
- int master;
+ int use_master;
 krb5_keytab keytab;
 if (arg_keytab == NULL) {
@@ -71,14 +71,14 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
 keytab = arg_keytab;
 }
- master = 0;
+ use_master = 0;
 /* first try: get the requested tkt from any kdc */
 ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
 start_time, in_tkt_service, options,
 krb5_get_as_key_keytab, (void *) keytab,
- &master, NULL);
+ use_master,NULL);
 /* check for success */
@@ -93,13 +93,13 @@ krb5_get_init_creds_keytab(context, creds, client, arg_keytab,
 /* if the reply did not come from the master kdc, try again with the master kdc */
- if (!master) {
- master = 1;
+ if (!use_master) {
+ use_master = 1;
 ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
 start_time, in_tkt_service, options,
 krb5_get_as_key_keytab, (void *) keytab,
- &master, NULL);
+ use_master, NULL);
 if (ret2 == 0) {
 ret = 0;
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 7ca43430e8..8debaee026 100644
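Review bot: The comment `/* if the reply did not come from the master kdc, try again with the master kdc */` above the new `if (!use_master)` check is now misleading: use_master is passed by value and is still 0 from the first call, so the fallback to the master runs on every failure, including failures the first attempt already received from the master KDC. If that behaviour is intended, say so and drop the pretence of a condition, e.g. `/* retry against the master kdc; the first attempt no longer reports which kdc answered */`; if it is not, the in/out flag has to stay in the krb5_get_init_creds interface. The first-try call also has `use_master,NULL` without the space after the comma used everywhere else in the file. The same stale comment and check appear in the gic_pwd.c hunk at `@@ -150,13 +150,13 @@`.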
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -97,7 +97,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 krb5_get_init_creds_opt *options;
 {
 krb5_error_code ret, ret2;
- int master;
+ int use_master;
 krb5_kdc_rep *as_reply;
 int tries;
 krb5_creds chpw_creds;
@@ -107,7 +107,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 krb5_prompt prompt[2];
 krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- master = 0;
+ use_master = 0;
 as_reply = NULL;
 memset(&chpw_creds, 0, sizeof(chpw_creds));
@@ -133,7 +133,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 ret = krb5_get_init_creds(context, creds, client, prompter, data,
 start_time, in_tkt_service, options,
 krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 /* check for success */
@@ -150,13 +150,13 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 /* if the reply did not come from the master kdc, try again with the master kdc */
- if (!master) {
- master = 1;
+ if (!use_master) {
+ use_master = 1;
 ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
 start_time, in_tkt_service, options,
 krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 if (ret2 == 0) {
 ret = 0;
@@ -195,7 +195,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 prompter, data, start_time, "kadmin/changepw",
 &chpw_opts, krb5_get_as_key_password, (void *) &pw0,
- &master, NULL)))
+ use_master, NULL)))
 goto cleanup;
 prompt[0].prompt = "Enter new password";
@@ -282,7 +282,7 @@ krb5_get_init_creds_password(context, creds, client, password, prompter, data,
 ret = krb5_get_init_creds(context, creds, client, prompter, data,
 start_time, in_tkt_service, options,
 krb5_get_as_key_password, (void *) &pw0,
- &master, &as_reply);
+ use_master, &as_reply);
 cleanup:
 krb5int_set_prompt_types(context, 0);
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 6ed95bce7f..597351619d 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -53,31 +53,24 @@
 */
 static krb5_error_code
-krb5_locate_kpasswd(context, realm, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_kpasswd(context, realm, addr_pp, naddrs)
 krb5_context context;
 const krb5_data *realm;
 struct sockaddr **addr_pp;
 int *naddrs;
- int *master_index;
- int *nmasters;
 {
 krb5_error_code code;
 int i;
-#ifdef KRB5_DNS_LOOKUP
- struct sockaddr *admin_addr_p, *kdc_addr_p;
- int nadmin_addrs, nkdc_addrs;
- int j;
-#endif /* KRB5_DNS_LOOKUP */
 /*
 * We always try the local file first
 */
- code = krb5_locate_srv_conf(context, realm, "kpasswd_server", addr_pp, naddrs,
- master_index, nmasters);
+ code = krb5_locate_srv_conf( context, realm, "kpasswd_server",
+ addr_pp, naddrs, 0);
 if (code) {
- code = krb5_locate_srv_conf(context, realm, "admin_server", addr_pp, naddrs,
- master_index, nmasters);
+ code = krb5_locate_srv_conf( context, realm, "admin_server",
+ addr_pp, naddrs, 0);
 if ( !code ) {
 /* success with admin_server but now we need to change the port */
 /* number to use DEFAULT_KPASSWD_PORT. */
@@ -108,10 +101,6 @@ krb5_locate_kpasswd(context, realm, addr_pp, naddrs, master_index, nmasters)
 }
 }
 }
- if ( !code && master_index && nmasters ) {
- *master_index = 1;
- *nmasters = *naddrs;
- }
 }
 }
 #endif /* KRB5_DNS_LOOKUP */
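Review bot: The two new `krb5_locate_srv_conf( context, realm, "kpasswd_server",` calls put a space after the opening parenthesis, which neither the lines they replace nor the call in krb5_locate_kdc in locate_kdc.c does; `krb5_locate_srv_conf(context, realm, "kpasswd_server",` keeps the file consistent. The bare `0` passed for get_masters would also read better with a short annotation, e.g. `addr_pp, naddrs, 0 /* get_masters */);`, since the parameter's meaning is not visible at the call site. The body of krb5_locate_kpasswd continues outside the hunk.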
@@ -158,7 +147,7 @@ krb5_change_password(context, creds, newpw, result_code,
 if (code = krb5_locate_kpasswd(context,
 krb5_princ_realm(context, creds->client),
- &addr_p, &naddr_p,NULL,NULL))
+ &addr_p, &naddr_p))
 goto cleanup;
 /* this is really obscure. s1 is used for all communications. it
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index fcdfa03f25..1139fb338e 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -85,14 +85,13 @@ _krb5_use_dns(context)
 */
 krb5_error_code
-krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, get_masters)
 krb5_context context;
 const krb5_data *realm;
 const char * name;
 struct sockaddr **addr_pp;
 int *naddrs;
- int *master_index;
- int *nmasters;
+ int get_masters;
 {
 const char *realm_srv_names[4];
 char **masterlist, **hostlist, *host, *port, *cp;
@@ -162,10 +161,7 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
 return 0;
 }
- if (master_index) {
- *master_index = 0;
- *nmasters = 0;
-
+ if (get_masters) {
 realm_srv_names[0] = "realms";
 realm_srv_names[1] = host;
 realm_srv_names[2] = "admin_server";
@@ -209,8 +205,10 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
 addr_p = (struct sockaddr *)malloc (sizeof (struct sockaddr) * count);
 if (addr_p == NULL) {
- profile_free_list(hostlist);
- profile_free_list(masterlist);
+ if ( hostlist )
+ profile_free_list(hostlist);
+ if ( masterlist )
+ profile_free_list(masterlist);
 return ENOMEM;
 }
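Review bot: The new `get_masters` parameter of krb5_locate_srv_conf is not documented; the comment block whose `*/` closes just above the signature lies outside the hunk, and if it still describes master_index/nmasters it is now wrong. The `if (get_masters)` branch in the `@@ -162` hunk sets up a lookup of the realm's `admin_server` entries, so a line such as `/* get_masters: if nonzero, return only KDCs that are also listed under admin_server for the realm */` would tell callers what they get. The `if ( hostlist )` / `if ( masterlist )` guards added in the ENOMEM path are harmless, but if profile_free_list already accepts NULL (its definition is not visible here) the unconditional calls they replace were not a bug and the guards are noise. krb5_locate_srv_conf continues past the end of these hunks.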
@@ -239,52 +237,54 @@ krb5_locate_srv_conf(context, realm, name, addr_pp, naddrs, master_index, nmaste
 if (masterlist) {
 for (j=0; masterlist[j]; j++) {
 if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
- *master_index = out;
 ismaster = 1;
 }
 }
 }
- switch (hp->h_addrtype) {
-
+ if ( !get_masters || ismaster ) {
+ switch (hp->h_addrtype) {
 #ifdef HAVE_NETINET_IN_H
- case AF_INET:
- for (j=0; hp->h_addr_list[j]; j++) {
- sin_p = (struct sockaddr_in *) &addr_p[out++];
- memset ((char *)sin_p, 0, sizeof(struct sockaddr));
- sin_p->sin_family = hp->h_addrtype;
- sin_p->sin_port = port ? htons(atoi(port)) : udpport;
- memcpy((char *)&sin_p->sin_addr,
- (char *)hp->h_addr_list[j],
- sizeof(struct in_addr));
- if (out+1 >= count) {
- count += 5;
- addr_p = (struct sockaddr *)
- realloc ((char *)addr_p,
- sizeof(struct sockaddr) * count);
- if (addr_p == NULL) {
- profile_free_list(hostlist);
- profile_free_list(masterlist);
- return ENOMEM;
+ case AF_INET:
+ for (j=0; hp->h_addr_list[j]; j++) {
+ sin_p = (struct sockaddr_in *) &addr_p[out++];
+ memset ((char *)sin_p, 0, sizeof(struct sockaddr));
+ sin_p->sin_family = hp->h_addrtype;
+ sin_p->sin_port = port ? htons(atoi(port)) : udpport;
+ memcpy((char *)&sin_p->sin_addr,
+ (char *)hp->h_addr_list[j],
+ sizeof(struct in_addr));
+ if (out+1 >= count) {
+ count += 5;
+ addr_p = (struct sockaddr *)
+ realloc ((char *)addr_p,
+ sizeof(struct sockaddr) * count);
+ if (addr_p == NULL) {
+ if ( hostlist )
+ profile_free_list(hostlist);
+ if ( masterlist )
+ profile_free_list(masterlist);
+ return ENOMEM;
+ }
 }
- }
- if (sec_udpport && !port) {
- addr_p[out] = addr_p[out-1];
- sin_p = (struct sockaddr_in *) &addr_p[out++];
- sin_p->sin_port = sec_udpport;
- }
- }
- break;
+ if (sec_udpport && !port) {
+ addr_p[out] = addr_p[out-1];
+ sin_p = (struct sockaddr_in *) &addr_p[out++];
+ sin_p->sin_port = sec_udpport;
+ }
+ }
+ break;
 #endif
- default:
- break;
- }
- if (ismaster)
- *nmasters = out - *master_index;
+ default:
+ break;
+ }
+ }
 }
- profile_free_list(hostlist);
- profile_free_list(masterlist);
+ if ( hostlist )
+ profile_free_list(hostlist);
+ if ( masterlist )
+ profile_free_list(masterlist);
 if (out == 0) {
 /* Couldn't resolve any KDC names */
 free (addr_p);
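Review bot: In the re-indented AF_INET loop, `addr_p = (struct sockaddr *) realloc ((char *)addr_p, sizeof(struct sockaddr) * count);` overwrites the only pointer to the array, so when realloc fails the `if (addr_p == NULL)` path returns ENOMEM and leaks every address gathered so far. These lines are on the new side, so this is the place to keep the old pointer until the call succeeds: `struct sockaddr *grown = realloc(addr_p, sizeof(struct sockaddr) * count);` / `if (grown == NULL) { free(addr_p); /* then free hostlist/masterlist as now */ return ENOMEM; }` / `addr_p = grown;`. The removed lines show the same overwrite, so the commit does not make it worse, but it moves the code without taking the chance to fix it. krb5_locate_srv_conf starts before this hunk and the enclosing loop over hostlist is only partly visible.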
@@ -564,78 +564,29 @@ krb5_locate_srv_dns(realm, service, protocol, addr_pp, naddrs)
 */
 krb5_error_code
-krb5_locate_kdc(context, realm, addr_pp, naddrs, master_index, nmasters)
+krb5_locate_kdc(context, realm, addr_pp, naddrs, get_masters)
 krb5_context context;
 const krb5_data *realm;
 struct sockaddr **addr_pp;
 int *naddrs;
- int *master_index;
- int *nmasters;
+ int get_masters;
 {
 krb5_error_code code;
-#ifdef KRB5_DNS_LOOKUP
- struct sockaddr *admin_addr_p, *kdc_addr_p;
- int nadmin_addrs, nkdc_addrs;
- int i,j;
-#endif /* KRB5_DNS_LOOKUP */
 /*
 * We always try the local file first
 */
 code = krb5_locate_srv_conf(context, realm, "kdc", addr_pp, naddrs,
- master_index, nmasters);
+ get_masters);
 #ifdef KRB5_DNS_LOOKUP
 if (code) {
 int use_dns = _krb5_use_dns(context);
 if ( use_dns ) {
- code = krb5_locate_srv_dns(realm, "_kerberos", "_udp",
- addr_pp, naddrs);
- if ( master_index && nmasters ) {
-
- code = krb5_locate_srv_dns(realm, "_kerberos-adm", "_tcp",
- &admin_addr_p, &nadmin_addrs);
- if ( code ) {
- free(*addr_pp);
- *addr_pp = NULL;
- *naddrs = 0;
- return(code);
- }
-
- kdc_addr_p = *addr_pp;
- nkdc_addrs = *naddrs;
-
- *naddrs = 0;
- *addr_pp = (struct sockaddr *) malloc(sizeof(*kdc_addr_p));
- if ( *addr_pp == NULL ) {
- free(kdc_addr_p);
- free(admin_addr_p);
- return ENOMEM;
- }
-
- for ( i=0; i<nkdc_addrs; i++ ) {
- for ( j=0 ; j<nadmin_addrs; j++) {
- if ( !memcmp(&kdc_addr_p[i].sa_data[2],&admin_addr_p[j].sa_data[2],4) ) {
- memcpy(&(*addr_pp)[(*naddrs)],&kdc_addr_p[i],
- sizeof(struct sockaddr));
- (*naddrs)++;
- break;
- }
- }
- }
-
- free(kdc_addr_p);
- free(admin_addr_p);
-
- if ( *naddrs == 0 ) {
- free(*addr_pp);
- *addr_pp = NULL;
- return KRB5_REALM_CANT_RESOLVE;
- }
- *master_index = 1;
- *nmasters = *naddrs;
- }
+ code = krb5_locate_srv_dns(realm,
+ get_masters ? "_kerberos-master" : "_kerberos",
+ "_udp", addr_pp, naddrs);
 }
 }
 #endif /* KRB5_DNS_LOOKUP */
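Review bot: The new DNS branch requests the `_kerberos-master` SRV record when get_masters is set, replacing the removed intersection of `_kerberos` and `_kerberos-adm` answers, and nothing in the hunk records that choice; the function's header comment closes with `*/` just above the signature and is outside the hunk, so if it still mentions master_index/nmasters it needs updating too. A sentence such as `/* get_masters: nonzero selects master KDCs only: admin_server entries from the profile, or the _kerberos-master SRV record when DNS fallback is enabled */` would cover both paths. It is also worth stating there that an SRV answer is not authenticated, so under DNS fallback the identity of the "master" rests entirely on the resolver, exactly as it already does for the plain `_kerberos` lookup.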
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index fed7a81db0..a6b67f15e8 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -36,8 +36,7 @@ krb5_error_code krb5_locate_kdc
 const krb5_data *,
 struct sockaddr **,
 int *,
- int *,
- int *));
+ int));
 #endif
 #ifdef HAVE_NETINET_IN_H
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 01b797e701..241ffbcbda 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -60,16 +60,16 @@ extern int krb5_skdc_timeout_shift;
 extern int krb5_skdc_timeout_1;
 krb5_error_code
-krb5_sendto_kdc (context, message, realm, reply, master)
+krb5_sendto_kdc (context, message, realm, reply, use_master)
 krb5_context context;
 const krb5_data * message;
 const krb5_data * realm;
 krb5_data * reply;
- int *master;
+ int use_master;
 {
 register int timeout, host, i;
 struct sockaddr *addr;
- int naddr, master_index, nmasters;
+ int naddr;
 int sent, nready;
 krb5_error_code retval;
 SOCKET *socklist;
@@ -81,14 +81,10 @@ krb5_sendto_kdc (context, message, realm, reply, master)
 * find KDC location(s) for realm
 */
- if (retval = krb5_locate_kdc (context, realm, &addr, &naddr,
- master?&master_index:NULL,
- master?&nmasters:NULL))
+ if (retval = krb5_locate_kdc(context, realm, &addr, &naddr, use_master))
 return retval;
 if (naddr == 0)
- return KRB5_REALM_UNKNOWN;
- if (master && (*master == 1) && (nmasters == 0))
- return KRB5_KDC_UNREACH;
+ return (use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
 socklist = (SOCKET *)malloc(naddr * sizeof(SOCKET));
 if (socklist == NULL) {
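Review bot: The rewritten `if (retval = krb5_locate_kdc(context, realm, &addr, &naddr, use_master))` keeps an unparenthesized assignment in the condition; since the line is being replaced anyway, `if ((retval = krb5_locate_kdc(context, realm, &addr, &naddr, use_master)) != 0)` makes the intent explicit and avoids the -Wparentheses warning. The `naddr == 0` return two lines below also hands back without freeing `addr`; whether krb5_locate_kdc can return success with naddr == 0 and a live allocation I cannot tell from this hunk (the locate_srv_conf hunk frees addr_p when out == 0, but its return value is outside the view), so if it can, `free(addr);` belongs before that return. krb5_sendto_kdc continues past the hunk.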
@@ -128,12 +124,6 @@ krb5_sendto_kdc (context, message, realm, reply, master)
 timeout <<= krb5_skdc_timeout_shift) {
 sent = 0;
 for (host = 0; host < naddr; host++) {
- /* if a master kdc is required, skip the non-master kdc's */
-
- if (master && (*master == 1) &&
- ((host < master_index) || (host >= (master_index+nmasters))))
- continue;
-
 /* send to the host, wait timeout seconds for a response, then move on. */
 /* cache some sockets for each host */
@@ -210,13 +200,6 @@ krb5_sendto_kdc (context, message, realm, reply, master)
 reply->length = cc;
 retval = 0;
-
- /* if the caller asked to be informed if it
- got a master kdc, tell it */
- if (master)
- *master = ((host >= master_index) &&
- (host < (master_index+nmasters)));
-
 goto out;
 } else if (nready == 0) {
 /* timeout */
diff --git a/src/lib/krb5/os/t_std_conf.c b/src/lib/krb5/os/t_std_conf.c
index 0846b1c223..a95c67ad54 100644
--- a/src/lib/krb5/os/t_std_conf.c
+++ b/src/lib/krb5/os/t_std_conf.c
@@ -110,14 +110,14 @@ void test_locate_kdc(ctx, realm)
 struct sockaddr *addrs;
 struct sockaddr_in *sin;
 int i, naddrs;
- int master_index, nmasters;
+ int get_masters=0;
 krb5_data rlm;
 krb5_error_code retval;
 rlm.data = realm;
 rlm.length = strlen(realm);
 retval = krb5_locate_kdc(ctx, &rlm, &addrs, &naddrs,
- &master_index, &nmasters);
+ get_masters);
 if (retval) {
 com_err("krb5_get_krbhst", retval, 0);
 return; |