From 5b3eb02b652e8377c88c585b882c16ff0d6bf87e Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Sat, 22 Apr 1995 04:24:57 +0000 Subject: [PATCH] Makefile.in, configure.in, t_std_conf.c: Add test program to test the standard configuration krb5 routines. osconfig.c: Don't define krb5_kdc_udp_portname and krb5_kdc_sec_portname any more. There's no real point... hst_realm.c (krb5_get_krbhst): Strip off the trailing dot from the hostname if present. locate_kdc.c (krb5_locate_kdc): Use the profile code to get the list of Kerberos servers (plus port numbers) for a particular realm from [realms]//kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5442 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/os/ChangeLog | 113 +++++++++-------- src/lib/krb5/os/Makefile.in | 25 ++++ src/lib/krb5/os/configure.in | 1 + src/lib/krb5/os/get_krbhst.c | 2 +- src/lib/krb5/os/hst_realm.c | 9 +- src/lib/krb5/os/locate_kdc.c | 98 ++++++++------- src/lib/krb5/os/osconfig.c | 9 -- src/lib/krb5/os/ref_std_conf.out | 12 ++ src/lib/krb5/os/t_std_conf.c | 200 +++++++++++++++++++++++++++++++ src/lib/krb5/os/td_krb5.conf | 19 +++ 10 files changed, 382 insertions(+), 106 deletions(-) create mode 100644 src/lib/krb5/os/ref_std_conf.out create mode 100644 src/lib/krb5/os/t_std_conf.c create mode 100644 src/lib/krb5/os/td_krb5.conf diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 8fe318fd0..c13b4af41 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,13 +1,28 @@ +Sat Apr 22 00:11:12 1995 Theodore Y. Ts'o (tytso@dcl) + + * Makefile.in, configure.in, t_std_conf.c: Add test program to + test the standard configuration krb5 routines. + + * osconfig.c: Don't define krb5_kdc_udp_portname and + krb5_kdc_sec_portname any more. There's no real point... + + * hst_realm.c (krb5_get_krbhst): Strip off the trailing dot from + the hostname if present. + + * locate_kdc.c (krb5_locate_kdc): Use the profile code to get the + list of Kerberos servers (plus port numbers) for a + particular realm from [realms]//kdc + Fri Apr 21 11:38:45 1995 Theodore Y. Ts'o * def_realm.c (krb5_get_default_realm): Use the profile code to get the default realm from [libdefaults]/default_realm. * get_krbhst.c (krb5_get_krbhst): Use the profile code to get the - list of Kerberos servers for a particualar realm from + list of Kerberos servers for a particular realm from [realms]//kdc - * realm_dom.c (krb5_get_realm_domain): Use the profile code to + * realm_dom.c (krb5_get_realm_domain): Use the profile code to get the default domain postfix for a realm (used only to convert V4 -> V5 principals) from [realms]//default_domain @@ -17,10 +32,10 @@ Fri Apr 21 11:38:45 1995 Theodore Y. Ts'o [domain_realm]/ * init_os_ctx.c (krb5_os_init_context): When the OS context is - initialized, also initialize the profile file. This loads + initialized, also initialize the profile file. This loads in the /etc/krb5.conf file. -Wed Apr 19 13:50:19 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) +Wed Apr 19 13:50:19 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) * def_realm.c: (krb5_get_default_realm) - remove global default realm. Moved into the context. (krb5_set_default_realm) added. @@ -28,7 +43,7 @@ Wed Apr 19 13:50:19 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) Fri Apr 14 22:15:00 1995 Theodore Y. Ts'o * an_to_ln.c (dbm_an_to_ln): Don't compile dbm_an_to_ln() if - USE_DBM_LNAME isn't defined. + USE_DBM_LNAME isn't defined. Fri Apr 14 15:15:48 1995 @@ -41,24 +56,24 @@ Fri Apr 14 15:15:48 1995 Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) * *.[ch]: removed unneeded INTERFACE from non-api functions. - * read_pwd.c: __STDC__ conditional also checks the _WINDOWS define. + * read_pwd.c: __STDC__ conditional also checks the _WINDOWS define. Fri Apr 7 15:32:04 1995 Keith Vetter (keithv@fusion.com) * ccdefname.c: - changed windows stored filename syntax--dropped the 'FILE:' part. - changed buffer from malloc to static since we don't want it - ever to fail, and nobody checks it for errors. + changed windows stored filename syntax--dropped the 'FILE:' part. + changed buffer from malloc to static since we don't want it + ever to fail, and nobody checks it for errors. Wed Apr 5 16:32:07 1995 Keith Vetter (keithv@fusion.com) * get_krbh.c: better error handling--old return values were - being overwritten. - * locate_kdc.c: added new error code KRB5_REALM_CANT_RESOLVE for - when we have realm names but can't find their addresses. - Also, fixed up indenting of an if clause. - * sendto_kdc.c: added winsock init/destroy calls because some - PC tcp/ip stacks seem to need it. + being overwritten. + * locate_kdc.c: added new error code KRB5_REALM_CANT_RESOLVE for + when we have realm names but can't find their addresses. + Also, fixed up indenting of an if clause. + * sendto_kdc.c: added winsock init/destroy calls because some + PC tcp/ip stacks seem to need it. Fri Mar 31 16:30:03 1995 Theodore Y. Ts'o (tytso@dcl) @@ -69,47 +84,47 @@ Fri Mar 31 16:30:03 1995 Theodore Y. Ts'o (tytso@dcl) Thu Mar 30 15:54:54 1995 Keith Vetter (keithv@fusion.com) * localaddr.c: in Windows/Mac code, fixed bug due to wrong level - of indirection on memcpy call. + of indirection on memcpy call. Tue Mar 28 19:22:28 1995 Keith Vetter (keithv@fusion.com) - For Windows, added calls to get the default config, realms and - ccache files out of a windows ini file. - * ccdefname.c: does this for the credential cache. - * osconfig.c: does this for the config and realms files. + For Windows, added calls to get the default config, realms and + ccache files out of a windows ini file. + * ccdefname.c: does this for the credential cache. + * osconfig.c: does this for the config and realms files. * get_krbh.c, realm_do.c, hst_real.c, def_real.c: added calls to - set the default values. + set the default values. -Tue Mar 28 18:35:20 1995 John Gilmore (gnu at toad.com) +Tue Mar 28 18:35:20 1995 John Gilmore (gnu at toad.com) * DNR.c: Add Apple MacTCP source file for domain name resolution. * macsock.c: Add fake socket support routines for MacTCP. * Makefile.in (OBJS, SRCS): Add DNR and macsock. - * ccdefname.c: On Mac, default cred cache is "STDIO:krb5cc" for now. + * ccdefname.c: On Mac, default cred cache is "STDIO:krb5cc" for now. FIXME, this needs to find the Preferences folder and use that. FIXME, shouldn't be conditioned on HAVE_MACSOCK_H. - * gmt_mktime.c: Use HAVE_SYS_TYPES_H. - * krbfileio.c: Remove . + * gmt_mktime.c: Use HAVE_SYS_TYPES_H. + * krbfileio.c: Remove . * localaddr.c, sendto_kdc.c: Convert to more generic socket support. Use closesocket instead of close, SOCKET_ERRNO rather than errno, SOCKET rather than int, etc. - * localaddr.c: Use getmyipaddr() from macsock.c, if on Mac. + * localaddr.c: Use getmyipaddr() from macsock.c, if on Mac. Add FIXME for multiple local addresses. - * lock_file.c: Provide a dummy version for MacOS. + * lock_file.c: Provide a dummy version for MacOS. * read_pwd.c (ECHO_PASSWORD): Add #ifdef's to avoid all the ioctls - and other stuff that turn off echoing. This is useful for debugging + and other stuff that turn off echoing. This is useful for debugging on MacOS. FIXME: ECHO_PASSWORD needs to be added to configure.in. * ustime.c: Bring in Mac-specific time-and-timezone code. It probably isn't hooked up correctly, yet. -Mon Mar 27 14:16:39 1995 John Gilmore (gnu at toad.com) +Mon Mar 27 14:16:39 1995 John Gilmore (gnu at toad.com) * full_ipadr.c, gen_rname.c, port2ip.c, read_msg.c, write_msg.c: Remove explicit includes of socket files. - * locate_kdc.c: Remove and "os-proto.h". + * locate_kdc.c: Remove and "os-proto.h". * macsock.c (connect, send, recv): Add for K5 compatability. - (getmyipaddr): Add for use in K5. + (getmyipaddr): Add for use in K5. * macsock.c: Add Mac socket support file, verbatim from K4 release. @@ -127,7 +142,7 @@ Fri Mar 24 17:58:15 1995 Theodore Y. Ts'o (tytso@rt-11) Thu Mar 23 23:11:36 1995 Theodore Y. Ts'o * realm_dom.c (krb5_get_realm_domain): Don't indent preprocessor - directives. (Not portable). + directives. (Not portable). * hst_realm.c (krb5_get_host_realm): Don't indent preprocessor directives. Removed excess close paren introduced by @@ -135,35 +150,35 @@ Thu Mar 23 23:11:36 1995 Theodore Y. Ts'o Wed Mar 22 18:59:47 1995 Keith Vetter (keithv@fusion.com) - * hst_realm.c, realm_dom.c: windows DLL can't use fscanf so had - to write a couple of routines to read what we need from the file. + * hst_realm.c, realm_dom.c: windows DLL can't use fscanf so had + to write a couple of routines to read what we need from the file. Wed Mar 22 13:30:35 1995 Keith Vetter (keithv@fusion.com) * an_to_ln.c, kuserok.c: last two os routines ported to the PC. -Fri Mar 17 19:56:39 1995 John Gilmore (gnu at toad.com) +Fri Mar 17 19:56:39 1995 John Gilmore (gnu at toad.com) * Makefile.in (LDFLAGS): Eliminate, duplicates config/pre.in. - * localaddr.c: Remove socket include files now handled in k5-int.h. + * localaddr.c: Remove socket include files now handled in k5-int.h. Wed Mar 15 12:19:47 1995 Keith Vetter (keithv@fusion.com) * sendto_kdc.c: made to work on the PC. -Tue Mar 7 22:15:00 1995 Keith Vetter +Tue Mar 7 22:15:00 1995 Keith Vetter * sendto_kdc.c: stubbed on the PC for now. -Tue Mar 7 19:54:17 1995 Mark Eichin +Tue Mar 7 19:54:17 1995 Mark Eichin * configure.in: take out ISODE_DEFS, ISODE_INCLUDE. Tue Mar 7 13:35:21 1995 Keith Vetter (keithv@fusion.com) * *.c: ported all the c files except an_to_ln, kuserok, and - sendto_kdc which have windows stubs. - * Makefile.in: reflects above changes. + sendto_kdc which have windows stubs. + * Makefile.in: reflects above changes. Wed Mar 1 17:30:00 1995 Keith Vetter (keithv@fusion.com) @@ -174,16 +189,16 @@ Wed Mar 1 17:30:00 1995 Keith Vetter (keithv@fusion.com) code changes. For now it's just added to the end of the file. Later, we have to decide on a solution for all. -Tue Feb 28 01:07:37 1995 John Gilmore (gnu at toad.com) +Tue Feb 28 01:07:37 1995 John Gilmore (gnu at toad.com) - * *.c: Avoid includes. + * *.c: Avoid includes. -Fri Feb 3 08:24:18 1995 Theodore Y. Ts'o (tytso@dcl) +Fri Feb 3 08:24:18 1995 Theodore Y. Ts'o (tytso@dcl) * gmt_mktime.c (gmt_mktime): Don't double count the leap day in a leap year. -Sun Jan 22 18:23:37 1995 John Gilmore (gnu@cygnus.com) +Sun Jan 22 18:23:37 1995 John Gilmore (gnu@cygnus.com) * get_krbhst.c (krb5_get_krbhst): Declare realm argument const, to match prototype. @@ -192,13 +207,13 @@ Wed Jan 18 11:08:59 1995 * sendto_kdc.c (krb5_sendto_kdc): Fix use of connected sockets; previously krb5_sendto_kdc only used one socket per - address family. This doesn't work; it now uses one + address family. This doesn't work; it now uses one socket per address. (krb5-bugs #938) Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) * Actually move the file init_ctx.c to init_os_ctx.c in the CVS - repository and also rename the routine krb5_free_os_context() + repository and also rename the routine krb5_free_os_context() to krb5_os_free_context(). Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) @@ -210,7 +225,7 @@ Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) Mon Dec 19 15:20:35 1994 Theodore Y. Ts'o (tytso@dcl) - * init_ctx.c: New file. Initializes and frees the krb5_os_context + * init_ctx.c: New file. Initializes and frees the krb5_os_context structure. * realm_dom.c (krb5_get_realm_domain): Fixed minor bug where the @@ -226,7 +241,7 @@ Thu Oct 13 17:24:31 1994 Theodore Y. Ts'o (tytso@maytag) * configure.in: Add ISODE_DEFS -Fri Oct 7 13:23:18 1994 Theodore Y. Ts'o (tytso@dcl) +Fri Oct 7 13:23:18 1994 Theodore Y. Ts'o (tytso@dcl) * configure.in: Add test for unistd.h @@ -238,7 +253,7 @@ Thu Sep 22 20:46:08 1994 Theodore Y. Ts'o (tytso@dcl) * configure.in: Put in correct dependency order of configure.in lines. -Wed Jul 6 13:26:59 1994 Mark Eichin (eichin@cygnus.com) +Wed Jul 6 13:26:59 1994 Mark Eichin (eichin@cygnus.com) * gmt_mktime.c (gmt_mktime): New file, new function. Similar to POSIX mktime, but always works in GMT. diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 9e53e7205..98a84689a 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -76,3 +76,28 @@ SRCS= \ all:: $(OBJS) +COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a + +TEST_PROGS= t_std_conf + +T_STD_CONF_OBJS= t_std_conf.o def_realm.o get_krbhst.o realm_dom.o \ + hst_realm.o init_os_ctx.o locate_kdc.o $(COMERRLIB) \ + $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a + +t_std_conf: $(T_STD_CONF_OBJS) + $(CC) -o t_std_conf $(T_STD_CONF_OBJS) $(LIBS) + +check:: check-$(WHAT) + +check-unix:: $(TEST_PROGS) + KRB5_CONFIG=$(srcdir)/td_krb5.conf ; export KRB5_CONFIG ;\ + ./t_std_conf -d -s NEW.DEFAULT.REALM -d \ + -k IGGY.ORG -k DEFAULT_REALM.TST \ + -D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea \ + -r really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea \ + -r pgp.good.idea > test.out + cmp test.out $(srcdir)/ref_std_conf.out + $(RM) test.out + +clean:: + $(RM) $(TEST_PROGS) test.out diff --git a/src/lib/krb5/os/configure.in b/src/lib/krb5/os/configure.in index 157437797..fed493990 100644 --- a/src/lib/krb5/os/configure.in +++ b/src/lib/krb5/os/configure.in @@ -2,6 +2,7 @@ AC_INIT(configure.in) WITH_CCOPTS CONFIG_RULES AC_SET_BUILDTOP +WITH_NETLIB dnl time checks are for timeofday.c (which gets them from osconf.h) dnl and gmt_mktime.c (which only gets them from here...) AC_TIME_WITH_SYS_TIME diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c index 8318d7860..2a0042bbb 100644 --- a/src/lib/krb5/os/get_krbhst.c +++ b/src/lib/krb5/os/get_krbhst.c @@ -195,7 +195,7 @@ krb5_get_krbhst(context, realm, hostlist) cp = strchr(*cpp, '\t'); if (cp) *cp = 0; - cp = strchr(*cpp, ','); + cp = strchr(*cpp, ':'); if (cp) *cp = 0; } diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 1362f4319..5ce9c8229 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -245,6 +245,7 @@ krb5_get_host_realm(context, host, realmsp) char **retrealms; char *domain, *default_realm, *realm, *cp; krb5_error_code retval; + int l; char local_host[MAXHOSTNAMELEN+1]; if (host) @@ -258,6 +259,10 @@ krb5_get_host_realm(context, host, realmsp) if (isupper(*cp)) *cp = tolower(*cp); } + l = strlen(local_host); + /* strip off trailing dot */ + if (l && local_host[l-1] == '.') + local_host[l-1] = 0; domain = strchr(local_host, '.'); /* prepare default */ @@ -277,14 +282,14 @@ krb5_get_host_realm(context, host, realmsp) } } - retval = profile_get_string(context->profile, "domain_realm", local_host, + retval = profile_get_string(context->profile, "domain_realm", domain, 0, default_realm, &realm); free(default_realm); if (retval) return retval; default_realm = realm; - retval = profile_get_string(context->profile, "domain_realm", domain, + retval = profile_get_string(context->profile, "domain_realm", local_host, 0, default_realm, &realm); free(default_realm); if (retval) diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index cc498705c..f245ad637 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -28,11 +28,6 @@ #include "k5-int.h" #include -#ifdef KRB5_USE_INET -extern char *krb5_kdc_udp_portname; -extern char *krb5_kdc_sec_udp_portname; -#endif - /* * returns count of number of addresses found */ @@ -44,7 +39,8 @@ krb5_locate_kdc(context, realm, addr_pp, naddrs) struct sockaddr **addr_pp; int *naddrs; { - char **hostlist; + const char *realm_kdc_names[4]; + char **hostlist, *host, *port, *cp; krb5_error_code code; int i, j, out, count; struct sockaddr *addr_p; @@ -58,22 +54,27 @@ krb5_locate_kdc(context, realm, addr_pp, naddrs) hostlist = 0; - if (code = krb5_get_krbhst (context, realm, &hostlist)) - return(code); + realm_kdc_names[0] = "realms"; + realm_kdc_names[1] = realm->data; + realm_kdc_names[2] = "kdc"; + realm_kdc_names[3] = 0; + + code = profile_get_values(context->profile, realm_kdc_names, &hostlist); + if (code == PROF_NO_SECTION) + return KRB5_REALM_UNKNOWN; + if (code == PROF_NO_RELATION) + return KRB5_CONFIG_BADFORMAT; + if (code) + return code; #ifdef KRB5_USE_INET - if (sp = getservbyname(krb5_kdc_udp_portname, "udp")) + if (sp = getservbyname(KDC_PORTNAME, "udp")) udpport = sp->s_port; - if (krb5_kdc_sec_udp_portname) - if (sp = getservbyname(krb5_kdc_sec_udp_portname, "udp")) { -#ifdef KRB5_TRY_SECONDARY_PORT_FIRST - sec_udpport = udpport; - udpport = sp->s_port; -#else - sec_udpport = sp->s_port; -#endif - } + if (sp = getservbyname(KDC_SECONDARY_PORTNAME, "udp")) + sec_udpport = sp->s_port; #endif + if (sec_udpport == udpport) + sec_udpport = 0; count = 0; while (hostlist[count]) @@ -92,39 +93,46 @@ krb5_locate_kdc(context, realm, addr_pp, naddrs) addr_p = (struct sockaddr *)malloc (sizeof (struct sockaddr) * count); for (i=0, out=0; hostlist[i]; i++) { + host = hostlist[i]; + /* + * Strip off excess whitespace + */ + cp = strchr(host, ' '); + if (cp) + *cp = 0; + cp = strchr(host, '\t'); + if (cp) + *cp = 0; + port = strchr(host, ':'); + if (port) { + *port = 0; + port++; + } hp = gethostbyname(hostlist[i]); if (hp != 0) { switch (hp->h_addrtype) { #ifdef KRB5_USE_INET case AF_INET: - if (udpport) { /* must have gotten a port # */ - for (j=0; hp->h_addr_list[j]; j++) { - sin_p = (struct sockaddr_in *) &addr_p[out++]; - memset ((char *)sin_p, 0, sizeof(struct sockaddr)); - sin_p->sin_family = hp->h_addrtype; - sin_p->sin_port = udpport; - memcpy((char *)&sin_p->sin_addr, - (char *)hp->h_addr_list[j], - sizeof(struct in_addr)); - if (out >= count) { - count *= 2; - addr_p = (struct sockaddr *) - realloc ((char *)addr_p, - sizeof(struct sockaddr) * count); - } - if (sec_udpport) { - addr_p[out] = addr_p[out-1]; - sin_p = (struct sockaddr_in *) &addr_p[out++]; - sin_p->sin_port = sec_udpport; - if (out >= count) { - count *= 2; - addr_p = (struct sockaddr *) - realloc ((char *)addr_p, - sizeof(struct sockaddr) * count); - } - } + for (j=0; hp->h_addr_list[j]; j++) { + sin_p = (struct sockaddr_in *) &addr_p[out++]; + memset ((char *)sin_p, 0, sizeof(struct sockaddr)); + sin_p->sin_family = hp->h_addrtype; + sin_p->sin_port = port ? htons(atoi(port)) : udpport; + memcpy((char *)&sin_p->sin_addr, + (char *)hp->h_addr_list[j], + sizeof(struct in_addr)); + if (out+1 >= count) { + count += 5; + addr_p = (struct sockaddr *) + realloc ((char *)addr_p, + sizeof(struct sockaddr) * count); + } + if (sec_udpport && !port) { + addr_p[out] = addr_p[out-1]; + sin_p = (struct sockaddr_in *) &addr_p[out++]; + sin_p->sin_port = sec_udpport; } - } + } break; #endif default: diff --git a/src/lib/krb5/os/osconfig.c b/src/lib/krb5/os/osconfig.c index 07a3d045a..31f9570fb 100644 --- a/src/lib/krb5/os/osconfig.c +++ b/src/lib/krb5/os/osconfig.c @@ -39,15 +39,6 @@ int krb5_max_skdc_timeout = MAX_SKDC_TIMEOUT; int krb5_skdc_timeout_shift = SKDC_TIMEOUT_SHIFT; int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1; -#ifdef KRB5_USE_INET -char *krb5_kdc_udp_portname = KDC_PORTNAME; -#ifdef KDC_SECONDARY_PORTNAME -char *krb5_kdc_sec_udp_portname = KDC_SECONDARY_PORTNAME; -#else -char *krb5_kdc_sec_udp_portname = 0; -#endif -#endif - char *krb5_default_pwd_prompt1 = DEFAULT_PWD_STRING1; char *krb5_default_pwd_prompt2 = DEFAULT_PWD_STRING2; diff --git a/src/lib/krb5/os/ref_std_conf.out b/src/lib/krb5/os/ref_std_conf.out new file mode 100644 index 000000000..45270828a --- /dev/null +++ b/src/lib/krb5/os/ref_std_conf.out @@ -0,0 +1,12 @@ +krb5_get_default_realm() returned 'DEFAULT.REALM.TST' +krb5_set_default_realm(NEW.DEFAULT.REALM) +krb5_get_default_realm() returned 'NEW.DEFAULT.REALM' +krb_get_krbhst(IGGY.ORG) returned: 'KERBEROS.IGGY.ORG' 'KERBEROS-B.IGGY.ORG' +krb_get_krbhst(DEFAULT_REALM.TST) returned: 'FIRST.KDC.HOST' 'SECOND.KDC.HOST' +krb5_get_realm_domain(DEFAULT_REALM.TST) returned 'MIT.EDU' +krb_get_host_realm(bad.idea) returned: 'US.GOV' +krb_get_host_realm(itar.bad.idea) returned: 'NSA.GOV' +krb_get_host_realm(really.BAD.IDEA.) returned: 'NSA.GOV' +krb_get_host_realm(clipper.bad.idea) returned: 'NIST.GOV' +krb_get_host_realm(KeYEsCrOW.BaD.IDea) returned: 'NSA.GOV' +krb_get_host_realm(pgp.good.idea) returned: 'GOOD.IDEA' diff --git a/src/lib/krb5/os/t_std_conf.c b/src/lib/krb5/os/t_std_conf.c new file mode 100644 index 000000000..adecb2eee --- /dev/null +++ b/src/lib/krb5/os/t_std_conf.c @@ -0,0 +1,200 @@ +/* + * t_std_conf.c --- This program tests standard Krb5 routines which pull + * values from the krb5 config file(s). + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "krb5.h" + +void test_get_default_realm(ctx) + krb5_context ctx; +{ + char *realm; + krb5_error_code retval; + + retval = krb5_get_default_realm(ctx, &realm); + if (retval) { + com_err("krb5_get_default_realm", retval, 0); + return; + } + printf("krb5_get_default_realm() returned '%s'\n", realm); + free(realm); +} + +void test_set_default_realm(ctx, realm) + krb5_context ctx; + char *realm; +{ + krb5_error_code retval; + + retval = krb5_set_default_realm(ctx, realm); + if (retval) { + com_err("krb5_set_default_realm", retval, 0); + return; + } + printf("krb5_set_default_realm(%s)\n", realm); +} + +void test_get_krbhst(ctx, realm) + krb5_context ctx; + char *realm; +{ + char **hostlist, **cpp; + krb5_data rlm; + krb5_error_code retval; + + rlm.data = realm; + rlm.length = strlen(realm); + retval = krb5_get_krbhst(ctx, &rlm, &hostlist); + if (retval) { + com_err("krb5_get_krbhst", retval, 0); + return; + } + printf("krb_get_krbhst(%s) returned:", realm); + if (hostlist == 0) { + printf(" (null)\n"); + return; + } + if (hostlist[0] == 0) { + printf(" (none)\n"); + free(hostlist); + return; + } + for (cpp = hostlist; *cpp; cpp++) { + printf(" '%s'", *cpp); + free(*cpp); + } + free(hostlist); + printf("\n"); +} + +void test_locate_kdc(ctx, realm) + krb5_context ctx; + char *realm; +{ + struct sockaddr *addrs; + struct sockaddr_in *sin; + int i, naddrs; + krb5_data rlm; + krb5_error_code retval; + + rlm.data = realm; + rlm.length = strlen(realm); + retval = krb5_locate_kdc(ctx, &rlm, &addrs, &naddrs); + if (retval) { + com_err("krb5_get_krbhst", retval, 0); + return; + } + printf("krb_get_krbhst(%s) returned:", realm); + for (i=0; i < naddrs; i++) { + sin = (struct sockaddr_in *) &addrs[i]; + printf(" %s/%d", inet_ntoa(sin->sin_addr), + ntohs(sin->sin_port)); + } + free(addrs); + printf("\n"); +} + +void test_get_host_realm(ctx, host) + krb5_context ctx; + char *host; +{ + char **realms, **cpp; + krb5_error_code retval; + + retval = krb5_get_host_realm(ctx, host, &realms); + if (retval) { + com_err("krb5_get_host_realm", retval, 0); + return; + } + printf("krb_get_host_realm(%s) returned:", host); + if (realms == 0) { + printf(" (null)\n"); + return; + } + if (realms[0] == 0) { + printf(" (none)\n"); + free(realms); + return; + } + for (cpp = realms; *cpp; cpp++) { + printf(" '%s'", *cpp); + free(*cpp); + } + free(realms); + printf("\n"); +} + +void test_get_realm_domain(ctx, realm) + krb5_context ctx; + char *realm; +{ + krb5_error_code retval; + char *domain; + + retval = krb5_get_realm_domain(ctx, realm, &domain); + if (retval) { + com_err("krb5_get_realm_domain", retval, 0); + return; + } + printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain); + free(domain); +} + +void usage(progname) + char *progname; +{ + fprintf(stderr, "%s: Usage: %s [-d] [-k realm] [-r host] [-D realm]\n", + progname, progname); + exit(1); +} + +main(argc, argv) + int argc; + char **argv; +{ + int c; + krb5_context ctx; + krb5_error_code retval; + + retval = krb5_init_context(&ctx); + if (retval) { + fprintf(stderr, "krb5_init_context returned error %ld\n", + retval); + exit(1); + } + krb5_init_ets(ctx); + + while ((c = getopt(argc, argv, "dk:r:D:l:s:")) != EOF) { + switch (c) { + case 'd': /* Get default realm */ + test_get_default_realm(ctx); + break; + case 'k': /* Get list of KDC's */ + test_get_krbhst(ctx, optarg); + break; + case 'l': + test_locate_kdc(ctx, optarg); + break; + case 'r': + test_get_host_realm(ctx, optarg); + break; + case 's': + test_set_default_realm(ctx, optarg); + break; + case 'D': + test_get_realm_domain(ctx, optarg); + break; + default: + usage(argv[0]); + } + } + exit(0); +} diff --git a/src/lib/krb5/os/td_krb5.conf b/src/lib/krb5/os/td_krb5.conf new file mode 100644 index 000000000..cdee60945 --- /dev/null +++ b/src/lib/krb5/os/td_krb5.conf @@ -0,0 +1,19 @@ +[libdefaults] + default_realm = DEFAULT.REALM.TST + +[realms] + DEFAULT_REALM.TST = { + kdc = FIRST.KDC.HOST:750 + kdc = SECOND.KDC.HOST:88 + admin_server = FIRST.KDC.HOST + default_domain = MIT.EDU + } + IGGY.ORG = { + kdc = KERBEROS.IGGY.ORG + kdc = KERBEROS-B.IGGY.ORG + } + +[domain_realm] + bad.idea = US.GOV + .bad.idea = NSA.GOV + clipper.bad.idea = NIST.GOV -- 2.26.2