svn rev #21631: trunk/src/ include/ include/krb5/ lib/krb5/ lib/krb5/krb/ lib/krb5/os/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Dec 29 12:12:57 EST 2008


http://src.mit.edu/fisheye/changelog/krb5/?cs=21631
Commit By: ghudson
Log Message:
Revert r21589, and export krb5_get_fallback_host_realm instead.

Rationale: Zephyr and AFS both use the Kerberos realm name as the
name of the service realm (AFS realm or Zephyr galaxy).  AFS can grab
the Kerberos realm from the ticket being aklogged, but Zephyr is not
necessarily getting credentials at all (you could be sending an
unauthenticated message), and currently finds its answer by looking
up the realm of the server host.  Although we can't currently provide
an accurate result for this lookup in the presence of referrals, we do
need to provide enough tools to get as good of an answer as libzephyr
could have gotten before referrals went in.



Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/krb5/krb/gc_frm_kdc.c
U   trunk/src/lib/krb5/libkrb5.exports
U   trunk/src/lib/krb5/os/hst_realm.c
U   trunk/src/util/collected-client-lib/libcollected.exports
Modified: trunk/src/include/k5-int.h
===================================================================
--- trunk/src/include/k5-int.h	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/include/k5-int.h	2008-12-29 17:12:54 UTC (rev 21631)
@@ -538,10 +538,6 @@
 		       struct addrlist *, enum locate_service_type svc,
 		       int sockettype, int family);
 
-krb5_error_code
-krb5int_get_fallback_host_realm (krb5_context, krb5_data *hdata,
-				 char **realmp);
-
 /* new encryption provider api */
 
 struct krb5_enc_provider {

Modified: trunk/src/include/krb5/krb5.hin
===================================================================
--- trunk/src/include/krb5/krb5.hin	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/include/krb5/krb5.hin	2008-12-29 17:12:54 UTC (rev 21631)
@@ -2099,6 +2099,10 @@
 	(krb5_context,
 		const char *,
 		char *** );
+krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
+	(krb5_context,
+		krb5_data *,
+		char *** );
 krb5_error_code KRB5_CALLCONV krb5_free_host_realm
 	(krb5_context,
 		char * const * );
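Review bot: The new public prototype `krb5_get_fallback_host_realm` is added without a comment and with unnamed parameters, so a caller cannot tell from the header what the `krb5_data *` holds or who owns the `char ***` result. The hst_realm.c part of this commit returns a calloc'd, NULL-terminated two-slot list, and the log message itself says the lookup cannot be accurate in the presence of referrals. I would add a comment above the prototype such as `/* Best-effort realm guess for the host name in hdata; not authoritative. On success *realmsp is a NULL-terminated list the caller frees with krb5_free_host_realm(). */`, after confirming that krb5_free_host_realm is the intended release function. If the function only reads the host data, `const krb5_data *` would also state that in the type.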

Modified: trunk/src/lib/krb5/krb/gc_frm_kdc.c
===================================================================
--- trunk/src/lib/krb5/krb/gc_frm_kdc.c	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/lib/krb5/krb/gc_frm_kdc.c	2008-12-29 17:12:54 UTC (rev 21631)
@@ -787,7 +787,7 @@
     krb5_principal client, server, supplied_server, out_supplied_server;
     krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
     krb5_boolean old_use_conf_ktypes;
-    char *hrealm;
+    char **hrealms;
     unsigned int referral_count, i;
 
     /* 
@@ -1021,22 +1021,23 @@
      */
     if (krb5_is_referral_realm(&supplied_server->realm)) {
         if (server->length >= 2) {
-	    retval=krb5int_get_fallback_host_realm(context, &server->data[1],
-						   &hrealm);
+	    retval=krb5_get_fallback_host_realm(context, &server->data[1],
+						&hrealms);
 	    if (retval) goto cleanup;
 #if 0
 	    DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
-		     hrealm));
+		     hrealms[0]));
 #endif
 	    krb5_free_data_contents(context,&in_cred->server->realm);
-	    server->realm.data=hrealm;
-	    server->realm.length=strlen(hrealm);
+	    server->realm.data=hrealms[0];
+	    server->realm.length=strlen(hrealms[0]);
+	    free(hrealms);
 	}
 	else {
 	    /*
 	     * Problem case: Realm tagged for referral but apparently not
 	     * in a <type>/<host> format that
-	     * krb5int_get_fallback_host_realm can deal with.
+	     * krb5_get_fallback_host_realm can deal with.
 	     */
 	    DPRINTF(("gc_from_kdc: referral specified "
 		     "but no fallback realm avaiable!\n"));
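Review bot: `strlen(hrealms[0])` runs without checking that the first list entry is non-NULL. The hst_realm.c change in this commit stores `realm` in slot 0 right after a branch that tests `realm != (char *)NULL`, which suggests NULL may be possible there, though that depends on code outside the visible hunks. A guard before the assignment covers it either way, e.g. `if (hrealms[0] == NULL) { free(hrealms); retval = KRB5_ERR_HOST_REALM_UNKNOWN; goto cleanup; }`. The list is also taken apart by hand here, so `free(hrealms);` deserves a comment like `/* hrealms[0] is now owned by server->realm; release only the list itself. */` to stop a later switch to krb5_free_host_realm from causing a double free. The enclosing function starts and ends outside this hunk.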

Modified: trunk/src/lib/krb5/libkrb5.exports
===================================================================
--- trunk/src/lib/krb5/libkrb5.exports	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/lib/krb5/libkrb5.exports	2008-12-29 17:12:54 UTC (rev 21631)
@@ -262,6 +262,7 @@
 krb5_get_default_in_tkt_ktypes
 krb5_get_default_realm
 krb5_get_error_message
+krb5_get_fallback_host_realm
 krb5_get_host_realm
 krb5_get_in_tkt
 krb5_get_in_tkt_with_keytab

Modified: trunk/src/lib/krb5/os/hst_realm.c
===================================================================
--- trunk/src/lib/krb5/os/hst_realm.c	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/lib/krb5/os/hst_realm.c	2008-12-29 17:12:54 UTC (rev 21631)
@@ -335,9 +335,9 @@
  */
 
 krb5_error_code KRB5_CALLCONV
-krb5int_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
-				char **realmp)
+krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)
 {
+    char **retrealms;
     char *realm, *cp;
     krb5_error_code retval;
     char local_host[MAXDNAME+1], host[MAXDNAME+1];
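Review bot: `*realmsp` is never given a defined value on the failure exits of `krb5_get_fallback_host_realm`: the only store is `*realmsp = retrealms` at the end, while the `return retval` and `return ENOMEM` exits visible in the next hunk leave the caller's pointer untouched. Now that the function is exported, a caller that runs `krb5_free_host_realm` on its variable in a shared cleanup path would free an indeterminate pointer; gc_frm_kdc.c in this commit declares `char **hrealms;` without an initializer. I would add `*realmsp = NULL;` directly after the declarations. The body between this hunk and the next is not shown, so other exits may exist. In the ENOMEM branch `free(realm)` needs no NULL guard, and the `(char **)` cast on calloc is unnecessary in C.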
@@ -417,7 +417,16 @@
 	    return retval;
     }
 
-    *realmp = realm;
+    if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
+	if (realm != (char *)NULL)
+	    free(realm);
+	return ENOMEM;
+    }
+
+    retrealms[0] = realm;
+    retrealms[1] = 0;
+    
+    *realmsp = retrealms;
     return 0;
 }
 

Modified: trunk/src/util/collected-client-lib/libcollected.exports
===================================================================
--- trunk/src/util/collected-client-lib/libcollected.exports	2008-12-29 14:49:04 UTC (rev 21630)
+++ trunk/src/util/collected-client-lib/libcollected.exports	2008-12-29 17:12:54 UTC (rev 21631)
@@ -177,6 +177,7 @@
 krb5_read_password
 krb5_aname_to_localname
 krb5_get_host_realm
+krb5_get_fallback_host_realm
 krb5_free_host_realm
 krb5_auth_con_genaddrs
 krb5_set_real_time



