From c27165044b675285c475ad31dccf7570a8471035 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Mon, 29 Dec 2008 17:12:54 +0000 Subject: [PATCH] Revert r21589, and export krb5_get_fallback_host_realm instead Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good of an answer as libzephyr could have gotten before referrals went in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 4 ---- src/include/krb5/krb5.hin | 4 ++++ src/lib/krb5/krb/gc_frm_kdc.c | 15 ++++++++------- src/lib/krb5/libkrb5.exports | 1 + src/lib/krb5/os/hst_realm.c | 15 ++++++++++++--- .../collected-client-lib/libcollected.exports | 1 + 6 files changed, 26 insertions(+), 14 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 611bddff8..883de3e18 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -538,10 +538,6 @@ krb5int_locate_server (krb5_context, const krb5_data *realm, struct addrlist *, enum locate_service_type svc, int sockettype, int family); -krb5_error_code -krb5int_get_fallback_host_realm (krb5_context, krb5_data *hdata, - char **realmp); - /* new encryption provider api */ struct krb5_enc_provider { diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 4848178d0..accde60fc 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin 
@@ -2099,6 +2099,10 @@ krb5_error_code KRB5_CALLCONV krb5_get_host_realm (krb5_context, const char *, char *** ); +krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm + (krb5_context, + krb5_data *, + char *** ); krb5_error_code KRB5_CALLCONV krb5_free_host_realm (krb5_context, char * const * ); diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 801ea9f8a..90a49d6a6 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -787,7 +787,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_principal client, server, supplied_server, out_supplied_server; krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS]; krb5_boolean old_use_conf_ktypes; - char *hrealm; + char **hrealms; unsigned int referral_count, i; /* @@ -1021,22 +1021,23 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, */ if (krb5_is_referral_realm(&supplied_server->realm)) { if (server->length >= 2) { - retval=krb5int_get_fallback_host_realm(context, &server->data[1], - &hrealm); + retval=krb5_get_fallback_host_realm(context, &server->data[1], + &hrealms); if (retval) goto cleanup; #if 0 DPRINTF(("gc_from_kdc: using fallback realm of %s\n", - hrealm)); + hrealms[0])); #endif krb5_free_data_contents(context,&in_cred->server->realm); - server->realm.data=hrealm; - server->realm.length=strlen(hrealm); + server->realm.data=hrealms[0]; + server->realm.length=strlen(hrealms[0]); + free(hrealms); } else { /* * Problem case: Realm tagged for referral but apparently not * in a / format that - * krb5int_get_fallback_host_realm can deal with. + * krb5_get_fallback_host_realm can deal with. */ DPRINTF(("gc_from_kdc: referral specified " "but no fallback realm avaiable!\n")); diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 9b12be985..cabfc2341 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports 
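Review bot: The new public prototype `krb5_get_fallback_host_realm` in krb5.hin has no comment saying who owns the returned list, which matters now that callers outside the library will use it. I would add above it something like `/* On success *realms is an allocated, NULL-terminated list; release it with krb5_free_host_realm(). */`, after confirming that this is the intended release function. If the implementation only reads the host name, which cannot be confirmed from this hunk, the second parameter could also be declared `const krb5_data *`.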
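Review bot: In the referral branch of krb5_get_cred_from_kdc_opt, `free(hrealms)` releases only the array while `hrealms[0]` lives on as `server->realm.data`. That ownership split is correct but easy to break in a later cleanup: switching to krb5_free_host_realm() would presumably free the string too and leave the realm pointer dangling. A comment on that line would pin it down: `/* realm string is now owned by server->realm; free the list only */`. `strlen(hrealms[0])` also assumes a non-NULL first entry on success, and the callee's own `realm != (char *)NULL` guard in the hst_realm.c hunk makes that worth confirming. The function begins and ends outside this hunk.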
@@ -262,6 +262,7 @@ krb5_get_default_config_files krb5_get_default_in_tkt_ktypes krb5_get_default_realm krb5_get_error_message +krb5_get_fallback_host_realm krb5_get_host_realm krb5_get_in_tkt krb5_get_in_tkt_with_keytab diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index a97ca6d98..36c0e4860 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -335,9 +335,9 @@ krb5int_translate_gai_error (int num) */ krb5_error_code KRB5_CALLCONV -krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata, - char **realmp) +krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp) { + char **retrealms; char *realm, *cp; krb5_error_code retval; char local_host[MAXDNAME+1], host[MAXDNAME+1]; @@ -417,7 +417,16 @@ krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata, return retval; } - *realmp = realm; + if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) { + if (realm != (char *)NULL) + free(realm); + return ENOMEM; + } + + retrealms[0] = realm; + retrealms[1] = 0; + + *realmsp = retrealms; return 0; } diff --git a/src/util/collected-client-lib/libcollected.exports b/src/util/collected-client-lib/libcollected.exports index 8c124d186..fb91133fb 100644 --- a/src/util/collected-client-lib/libcollected.exports +++ b/src/util/collected-client-lib/libcollected.exports @@ -177,6 +177,7 @@ krb5_auth_con_getauthenticator krb5_read_password krb5_aname_to_localname krb5_get_host_realm +krb5_get_fallback_host_realm krb5_free_host_realm krb5_auth_con_genaddrs krb5_set_real_time -- 2.26.2
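Review bot: `*realmsp` is written only on the success path in the last hst_realm.c hunk, so after the new `return ENOMEM` (and the `return retval` just above it) the caller's pointer keeps whatever value it had. For an exported function, a caller that releases the list unconditionally in its cleanup path would then free an uninitialized pointer. Unless the output is already cleared earlier in the body, which lies outside the hunk, I would add `*realmsp = NULL;` at entry. Smaller style points: the `(char **)` cast on calloc and the `realm != (char *)NULL` test before `free` are unnecessary, and `retrealms[1] = 0;` repeats what calloc already did.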