krb5 commit: Consolidate sn2princ_realm() in kprop and kpropd
Greg Hudson
ghudson at mit.edu
Tue Sep 6 16:49:24 EDT 2016
https://github.com/krb5/krb5/commit/a2ff1d95a8c3c455fc70d7ef6644fa4dabf96549
commit a2ff1d95a8c3c455fc70d7ef6644fa4dabf96549
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Aug 25 15:37:23 2016 -0400
Consolidate sn2princ_realm() in kprop and kpropd
In kprop and kpropd, factor out the duplicated implementation of
sn2princ_with_realm() into kprop_util.c. Rename it to
sn2princ_realm(), remove the type parameter, and require the sname
parameter to be specified. Rewrite the function to use
krb5_expand_hostname(), avoiding an unnecessary hostrealm lookup.
src/slave/kprop.c | 37 ++++---------------------------------
src/slave/kprop.h | 4 ++++
src/slave/kprop_util.c | 31 +++++++++++++++++++++++++++++++
src/slave/kpropd.c | 36 ++++--------------------------------
4 files changed, 43 insertions(+), 65 deletions(-)
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index e80ecab..5bff5de 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -182,35 +182,6 @@ parse_args(krb5_context context, int argc, char **argv)
}
}
-/* Runs krb5_sname_to_principal with a substitute realm
- * Duplicated in kpropd.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
-
static void
get_tickets(krb5_context context)
{
@@ -220,8 +191,8 @@ get_tickets(krb5_context context)
krb5_principal server_princ = NULL;
/* Figure out what tickets we'll be using to send. */
- retval = sn2princ_with_realm(context, NULL, NULL, KRB5_NT_SRV_HST, realm,
- &my_principal);
+ retval = sn2princ_realm(context, NULL, KPROP_SERVICE_NAME, realm,
+ &my_principal);
if (retval) {
com_err(progname, errno, _("while setting client principal name"));
exit(1);
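Review bot: The failure branch right after the new `sn2princ_realm()` call still passes `errno` to `com_err()`, but the helper reports failure through its return value, so the message can show a stale or unrelated error. Use `com_err(progname, retval, _("while setting client principal name"));` here, and make the same change in the next hunk for the "while setting server principal name" message. The kpropd.c call sites in this commit already pass `retval`. The body of get_tickets() continues outside this hunk.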
@@ -229,8 +200,8 @@ get_tickets(krb5_context context)
/* Construct the principal name for the slave host. */
memset(&creds, 0, sizeof(creds));
- retval = sn2princ_with_realm(context, slave_host, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server_princ);
+ retval = sn2princ_realm(context, slave_host, KPROP_SERVICE_NAME, realm,
+ &server_princ);
if (retval) {
com_err(progname, errno, _("while setting server principal name"));
exit(1);
diff --git a/src/slave/kprop.h b/src/slave/kprop.h
index a4aa39a..dbbda43 100644
--- a/src/slave/kprop.h
+++ b/src/slave/kprop.h
@@ -37,3 +37,7 @@
int sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
krb5_address **dest);
+
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out);
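Review bot: The new prototype is exported without a comment, so callers in kprop.c and kpropd.c cannot read the contract from the header. I would add above it `/* Build sname/<canonical host>@realm; hostname NULL means the local host; sname and realm must not be NULL. */`. The comment should also say that the caller releases `*princ_out` with krb5_free_principal().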
diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c
index beaf1c8..f182554 100644
--- a/src/slave/kprop_util.c
+++ b/src/slave/kprop_util.c
@@ -65,3 +65,34 @@ sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
return krb5_copy_addr(context, &addr, dest);
}
+
+/* Construct a host-based principal, similar to krb5_sname_to_principal() but
+ * with a specified realm. */
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out)
+{
+ krb5_error_code ret;
+ char *canonhost, localname[MAXHOSTNAMELEN];
+
+ *princ_out = NULL;
+ assert(sname != NULL && realm != NULL);
+
+ /* If hostname is NULL, use the local hostname. */
+ if (hostname == NULL) {
+ if (gethostname(localname, MAXHOSTNAMELEN) != 0)
+ return SOCKET_ERRNO;
+ hostname = localname;
+ }
+
+ ret = krb5_expand_hostname(context, hostname, &canonhost);
+ if (ret)
+ return ret;
+
+ ret = krb5_build_principal(context, princ_out, strlen(realm), realm, sname,
+ canonhost, (char *)NULL);
+ krb5_free_string(context, canonhost);
+ if (!ret)
+ (*princ_out)->type = KRB5_NT_SRV_HST;
+ return ret;
+}
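Review bot: `assert(sname != NULL && realm != NULL)` replaces the old `if (rrealm == NULL) return EINVAL;` check, so a NULL realm now aborts the process, and in a build with NDEBUG it falls through to `strlen(realm)`. Returning an error keeps the previous behaviour for callers: `if (sname == NULL || realm == NULL) return EINVAL;`. Separately, POSIX does not guarantee that gethostname() NUL-terminates a truncated name, so adding `localname[sizeof(localname) - 1] = '\0';` after the call would keep krb5_expand_hostname() from reading past the buffer.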
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index ef64222..056c31a 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -601,34 +601,6 @@ full_resync(CLIENT *clnt)
return (status == RPC_SUCCESS) ? &clnt_res : NULL;
}
-/* Runs krb5_sname_to_principal with a substitute realm.
- * Duplicated in kprop.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
/*
* Beg for incrementals from the KDC.
*
@@ -671,8 +643,8 @@ do_iprop()
}
}
- retval = sn2princ_with_realm(kpropd_context, NULL, KIPROP_SVC_NAME,
- KRB5_NT_SRV_HST, realm, &iprop_svc_principal);
+ retval = sn2princ_realm(kpropd_context, NULL, KIPROP_SVC_NAME, realm,
+ &iprop_svc_principal);
if (retval) {
com_err(progname, retval,
_("while trying to construct host service principal"));
@@ -1176,8 +1148,8 @@ parse_args(char **argv)
}
/* Construct service name from local hostname. */
- retval = sn2princ_with_realm(kpropd_context, NULL, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server);
+ retval = sn2princ_realm(kpropd_context, NULL, KPROP_SERVICE_NAME, realm,
+ &server);
if (retval) {
com_err(progname, retval,
_("while trying to construct my service name"));