+Sat May 20 13:46:36 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * kprop.M: Document -P (port) option.
+
+ * kpropd.M: Document -P (port) option.
+
+ * kprop.h: KPROPD_DEFAULT_KDB5_EDIT was pointing to wrong place.
+
+Mon May 15 13:11:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * kpropd.c (recv_database): Use krb5_int32 for over the wire
+ database length.
+ (kerberos_authenticate): Make keytab support work
+
+ * kprop.c (PRS): Add support for keytab and port specification.
+ (xmit_database): Use krb5_int32 for length of database to go over
+ the wire.
+ (kerberos_authenticate): Add krb5_auth_setaddrs call
+
Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu)
* kpropd.c: (krb5_recvauth()): No longer needs the rc_type arg.
.I file
] [
.B \-d
+] [
+.B \-P
+.I port
+] [
+] [
+.B \-s
+.I srvtab
]
.I slave_host
.br
option the filename where the dumped principal database file is to be
found; by default the dumped database file is KPROP_DEFAULT_FILE
(normally /krb5/slave_datatrans).
+.PP
+The
+.B \-P
+.I port
+option allows one to override the default port to contact the
+.I kpropd
+server on the remote host.
.SH SEE ALSO
kpropd(8), kdb5_edit(8), krb5kdc(8)
char *progname = 0;
int debug = 0;
+char *srvtab = 0;
char *slave_host;
char *realm = 0;
char *file = KPROP_DEFAULT_FILE;
+short port = 0;
krb5_principal my_principal; /* The Kerberos principal we'll be */
/* running under, initialized in */
static void usage()
{
- fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] slave_host\n\n",
+ fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n\n",
progname);
exit(1);
}
case 'd':
debug++;
break;
+ case 'P':
+ if (*word)
+ port = htons(atoi(word));
+ else
+ port = htons(atoi(*argv++));
+ if (!port)
+ usage();
+ word = 0;
+ break;
+ case 's':
+ if (*word)
+ srvtab = word;
+ else
+ srvtab = *argv++;
+ if (!srvtab)
+ usage();
+ word = 0;
+ break;
default:
usage();
}
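Review bot: In the new `case 'P':` branch, `atoi(*argv++)` runs before anything checks that an argument follows `-P`, so a trailing `-P` hands a null pointer to `atoi`; the `if (!port)` test comes too late to catch it. `atoi` also reports no errors, and its result is narrowed into the signed `short port`, so non-numeric input folds to 0 and a value above 65535 silently becomes a different port. The identical branch added to kpropd.c's option parser further down has the same problem, and there it selects the port the daemon binds. The enclosing switch starts outside this hunk; the fence shows only the rewritten branch and relies on `usage()` not returning, as its `exit(1)` indicates.
```c
case 'P': {
    char *arg = *word ? word : *argv++;
    char *end;
    long val;

    if (!arg)
        usage();
    val = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || val < 1 || val > 65535)
        usage();
    port = htons((unsigned short) val);
    word = 0;
    break;
}
```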
struct hostent *hp;
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
+ krb5_keytab keytab = NULL;
/*
* Figure out what tickets we'll be using to send stuff
com_err(progname, retval, "While copying client principal");
exit(1);
}
+ if (srvtab) {
+ if (retval = krb5_kt_resolve(context, srvtab, &keytab)) {
+ com_err(progname, retval, "while resolving keytab");
+ exit(1);
+ }
+ }
+
retval = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL,
- NULL, NULL, ccache, &creds, 0);
+ NULL, keytab, ccache, &creds, 0);
if (retval) {
com_err(progname, retval, "while getting initial ticket\n");
exit(1);
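Review bot: The failure message for the new `krb5_kt_resolve` call does not say which keytab was being resolved, which makes a mistyped `-s` path hard to tell apart from a malformed keytab name. Since `com_err` takes a format string, the line could read `com_err(progname, retval, "while resolving keytab %s", srvtab);`. The matching kpropd.c addition logs only `error_message(retval)` through `syslog` and would benefit from the same change. No `krb5_kt_close` for the resolved handle appears in the visible lines; the rest of the function is outside the hunk, so that may already be handled.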
*fd = -1;
return(0);
}
- sp = getservbyname(KPROP_SERVICE, "tcp");
- if (sp == 0) {
- (void) strcpy(Errmsg, KPROP_SERVICE);
- (void) strcat(Errmsg, "/tcp: unknown service");
- *fd = -1;
- return(0);
- }
sin.sin_family = hp->h_addrtype;
memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length);
- sin.sin_port = sp->s_port;
+ if(!port) {
+ sp = getservbyname(KPROP_SERVICE, "tcp");
+ if (sp == 0) {
+ (void) strcpy(Errmsg, KPROP_SERVICE);
+ (void) strcat(Errmsg, "/tcp: unknown service");
+ *fd = -1;
+ return(0);
+ }
+ sin.sin_port = sp->s_port;
+ } else
+ sin.sin_port = port;
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
krb5_auth_con_setflags(context, *auth_context,
KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ if (retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr,
+ &receiver_addr)) {
+ com_err(progname, retval, "in krb5_auth_con_setaddrs");
+ exit(1);
+ }
+
if (retval = krb5_sendauth(context, auth_context, (void *)&fd,
kprop_version, me, creds.server,
AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL,
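Review bot: The new `krb5_auth_con_setaddrs` call has no comment saying where `sender_addr` and `receiver_addr` get their values, and neither is assigned in this hunk. If they are filled in by the connection-opening code (not visible here), that ordering is a precondition worth stating, because an unset address would be bound into the auth context. A comment above the call would do, for example `/* sender_addr and receiver_addr must already describe the connected socket's local and peer addresses */`. The function begins and ends outside the hunk.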
int database_fd;
int database_size;
{
- int send_size, sent_size, n;
+ krb5_int32 send_size, sent_size, n;
krb5_data inbuf, outbuf;
char buf[KPROP_BUFSIZ];
krb5_error_code retval;
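Review bot: `database_size` in the parameter list just above the changed line is still a plain `int`, while the length that goes on the wire is now a `krb5_int32`. Where `int` is wider than 32 bits the size is narrowed without a check, so the receiver could be told a length that differs from what is actually sent. A guard at the top of the body, `if (database_size < 0 || (krb5_int32) database_size != database_size)` followed by an error exit, would make that case fail loudly. `n` presumably also holds the return value of the read call in the body, which is outside this hunk, so its type deserves a second look as well.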
#define KPROP_DEFAULT_FILE "/krb5/slave_datatrans"
#define KPROPD_DEFAULT_FILE "/krb5/from_master"
#define KPROP_CKSUMTYPE CKSUMTYPE_RSA_MD4_DES
-#define KPROPD_DEFAULT_KDB5_EDIT "/krb5/bin/kdb5_edit"
+#define KPROPD_DEFAULT_KDB5_EDIT "/krb5/admin/kdb5_edit"
#define KPROPD_DEFAULT_KRB_DB "/krb5/principal"
#define KPROPD_ACL_FILE "/krb5/kpropd.acl"
.B \-d
] [
.B \-S
-]
+] [
+.B \-P
+.I port
+]
.br
.SH DESCRIPTION
.I kpropd
will not detach itself from the current job and run in the background.
Instead, it will run in the foreground and print out debugging
messages during the database propagation.
+.PP
+The
+.B \-P
+option allows for an alternate port number for
+.I kpropd
+to listen on. This is only useful if the program is run in standalone
+mode.
.SH SEE ALSO
kprop(8), kdb5_edit(8), krb5kdc(8), inetd(8)
char *progname;
int debug = 0;
char *srvtab = 0;
-int standalone;
+int standalone = 0;
krb5_principal server; /* This is our server principal name */
krb5_principal client; /* This is who we're talking to */
int database_fd;
krb5_address sender_addr;
krb5_address receiver_addr;
+short port = 0;
void PRS
PROTOTYPE((char**));
"\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n",
progname);
fprintf(stderr, "\t[-F kerberos_db_file ] [-p kdb5_edit_pathname]\n");
+ fprintf(stderr, "\t[-P port]\n");
exit(1);
}
com_err(progname, errno, "while obtaining socket");
exit(1);
}
- sp = getservbyname(KPROP_SERVICE, "tcp");
- if (sp == NULL) {
- com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE);
- exit(1);
- }
memset((char *) &sin,0, sizeof(sin));
+ if(!port) {
+ sp = getservbyname(KPROP_SERVICE, "tcp");
+ if (sp == NULL) {
+ com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE);
+ exit(1);
+ }
+ sin.sin_port = sp->s_port;
+ } else {
+ sin.sin_port = port;
+ }
sin.sin_family = AF_INET;
- sin.sin_port = sp->s_port;
if ((ret = bind(finet, (struct sockaddr *) &sin, sizeof(sin))) < 0) {
if (debug) {
int on = 1;
usage();
word = 0;
break;
+ case 'P':
+ if (*word)
+ port = htons(atoi(word));
+ else
+ port = htons(atoi(*argv++));
+ if (!port)
+ usage();
+ word = 0;
+ break;
case 'r':
if (*word)
realm = word;
krb5_ticket * ticket;
struct sockaddr_in r_sin;
int sin_length;
+ krb5_keytab keytab = NULL;
/*
* Set recv_addr and send_addr
exit(1);
}
+ if (srvtab) {
+ if (retval = krb5_kt_resolve(context, srvtab, &keytab)) {
+ syslog(LOG_ERR, "Error in krb5_kt_resolve: %s", error_message(retval));
+ exit(1);
+ }
+ }
+
if (retval = krb5_recvauth(context, &auth_context, (void *) &fd,
- kprop_version, server, 0, NULL, &ticket)){
+ kprop_version, server, 0, keytab, &ticket)){
syslog(LOG_ERR, "Error in krb5_recvauth: %s", error_message(retval));
exit(1);
}