Revert r21589, and export krb5_get_fallback_host_realm instead
authorGreg Hudson <ghudson@mit.edu>
Mon, 29 Dec 2008 17:12:54 +0000 (17:12 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 29 Dec 2008 17:12:54 +0000 (17:12 +0000)
Rationale: Zephyr and AFS both use the Kerberos realm name as the
name of the service realm (AFS realm or Zephyr galaxy).  AFS can grab
the Kerberos realm from the ticket being aklogged, but Zephyr is not
necessarily getting credentials at all (you could be sending an
unauthenticated message), and currently finds its answer by looking
up the realm of the server host.  Although we can't currently provide
an accurate result for this lookup in the presence of referrals, we do
need to provide enough tools to get as good an answer as libzephyr
could have gotten before referrals went in.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int.h
src/include/krb5/krb5.hin
src/lib/krb5/krb/gc_frm_kdc.c
src/lib/krb5/libkrb5.exports
src/lib/krb5/os/hst_realm.c
src/util/collected-client-lib/libcollected.exports

index 611bddff8bdb9c8f66884c86d8e97b585c4f748e..883de3e1881890bc1c7f751a131f1a5639346988 100644 (file)
@@ -538,10 +538,6 @@ krb5int_locate_server (krb5_context, const krb5_data *realm,
                       struct addrlist *, enum locate_service_type svc,
                       int sockettype, int family);
 
-krb5_error_code
-krb5int_get_fallback_host_realm (krb5_context, krb5_data *hdata,
-                                char **realmp);
-
 /* new encryption provider api */
 
 struct krb5_enc_provider {
index 4848178d00636ae312f121e635c1fc5c9cde3b18..accde60fcaed4b51a0aedc1f5681b3c58d370c97 100644 (file)
@@ -2099,6 +2099,10 @@ krb5_error_code KRB5_CALLCONV krb5_get_host_realm
        (krb5_context,
                const char *,
                char *** );
+krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
+       (krb5_context,
+               krb5_data *,
+               char *** );
 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
        (krb5_context,
                char * const * );
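Review bot: The new public prototype for krb5_get_fallback_host_realm has no comment on who owns the returned list, which matters now that it is exported to outside callers such as libzephyr. The definition in hst_realm.c hands back a calloc'd, NULL-terminated `char **` whose first entry is also heap-allocated, so I would add above the declaration something like `/* On success *realmsp is a NULL-terminated list; release it with krb5_free_host_realm(). */` (assuming that is the intended release function). The comment should also say that the result is a heuristic fallback and, per the commit message, not accurate in the presence of referrals, so callers do not treat it as an authoritative realm mapping.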
index 801ea9f8a420b10be62647f3c6488415f1a50c97..90a49d6a6e5561bd54a35b0e9a445fe303bfa945 100644 (file)
@@ -787,7 +787,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     krb5_principal client, server, supplied_server, out_supplied_server;
     krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
     krb5_boolean old_use_conf_ktypes;
-    char *hrealm;
+    char **hrealms;
     unsigned int referral_count, i;
 
     /* 
@@ -1021,22 +1021,23 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
      */
     if (krb5_is_referral_realm(&supplied_server->realm)) {
         if (server->length >= 2) {
-           retval=krb5int_get_fallback_host_realm(context, &server->data[1],
-                                                  &hrealm);
+           retval=krb5_get_fallback_host_realm(context, &server->data[1],
+                                               &hrealms);
            if (retval) goto cleanup;
 #if 0
            DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
-                    hrealm));
+                    hrealms[0]));
 #endif
            krb5_free_data_contents(context,&in_cred->server->realm);
-           server->realm.data=hrealm;
-           server->realm.length=strlen(hrealm);
+           server->realm.data=hrealms[0];
+           server->realm.length=strlen(hrealms[0]);
+           free(hrealms);
        }
        else {
            /*
             * Problem case: Realm tagged for referral but apparently not
             * in a <type>/<host> format that
-            * krb5int_get_fallback_host_realm can deal with.
+            * krb5_get_fallback_host_realm can deal with.
             */
            DPRINTF(("gc_from_kdc: referral specified "
                     "but no fallback realm avaiable!\n"));
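Review bot: `strlen(hrealms[0])` reads the first entry without checking it, and `free(hrealms)` releases only the array, so this call site relies on the callee returning exactly one non-NULL realm. The callee's new ENOMEM path tests `realm != (char *)NULL` before freeing, which suggests realm may be NULL when the list is built, though the lines that set it are outside the visible hunks; if it can be, this is a NULL dereference on the success path. A guard before `krb5_free_data_contents`, such as `if (hrealms[0] == NULL) { free(hrealms); retval = KRB5_ERR_HOST_REALM_UNKNOWN; goto cleanup; }`, would close that. A short comment that ownership of `hrealms[0]` moves into `server->realm` would also explain why krb5_free_host_realm is not called here. krb5_get_cred_from_kdc_opt starts and ends outside this hunk.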
index 9b12be9855c8534484469196c5760d21d2d98008..cabfc23411fcf95aae86953e5766f19be43c2ebb 100644 (file)
@@ -262,6 +262,7 @@ krb5_get_default_config_files
 krb5_get_default_in_tkt_ktypes
 krb5_get_default_realm
 krb5_get_error_message
+krb5_get_fallback_host_realm
 krb5_get_host_realm
 krb5_get_in_tkt
 krb5_get_in_tkt_with_keytab
index a97ca6d9859ee929fba17d7dcd7d6de568113e17..36c0e48608c1ad1df001b3bf577a0558765af1be 100644 (file)
@@ -335,9 +335,9 @@ krb5int_translate_gai_error (int num)
  */
 
 krb5_error_code KRB5_CALLCONV
-krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
-                               char **realmp)
+krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)
 {
+    char **retrealms;
     char *realm, *cp;
     krb5_error_code retval;
     char local_host[MAXDNAME+1], host[MAXDNAME+1];
@@ -417,7 +417,16 @@ krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
            return retval;
     }
 
-    *realmp = realm;
+    if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
+       if (realm != (char *)NULL)
+           free(realm);
+       return ENOMEM;
+    }
+
+    retrealms[0] = realm;
+    retrealms[1] = 0;
+    
+    *realmsp = retrealms;
     return 0;
 }
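Review bot: The allocation block at the end of krb5_get_fallback_host_realm can be written more plainly. The cast on calloc is unnecessary in C, `free(NULL)` is a no-op so the `realm != (char *)NULL` test can go, and `retrealms[1] = 0` repeats what calloc already guarantees. I would write `retrealms = calloc(2, sizeof(*retrealms));` followed by `if (retrealms == NULL) { free(realm); return ENOMEM; }`, and drop the trailing whitespace on the blank line before `*realmsp = retrealms;`. The function body begins outside this hunk.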
 
index 8c124d186e4e6415356a43b7fce5da2273c88ebd..fb91133fbb3bb10e57759f1cac49654285634fa7 100644 (file)
@@ -177,6 +177,7 @@ krb5_auth_con_getauthenticator
 krb5_read_password
 krb5_aname_to_localname
 krb5_get_host_realm
+krb5_get_fallback_host_realm
 krb5_free_host_realm
 krb5_auth_con_genaddrs
 krb5_set_real_time