another public api question
kermit-support@columbia.edu
kermit-support at columbia.edu
Tue Apr 16 21:57:00 EDT 2002
>
> > caller is that the functionality which auto-corrects for Realm
>
> Doesn't that only work for local-profile entries anyway? A quick look
> at the code snippet you posted didn't indicate any support for
> DNS-based (draft-ietf-krb-wg-krb-dns-locate-02) records...
>
I excluded the code that handles DNS records to avoid a tangent on the
security implications of performing that lookup. Since you bring it
up here is the complete code snippet:
/* This code is going to take the realm and attempt to correct */
/* the case. */
{
profile_t profile;
code = krb5_get_profile(kcontext, &profile);
if ( !code ) {
const char *names[4];
char ** realms;
int found = 0;
names[0] = "realms";
names[1] = NULL;
code = profile_get_subsection_names(profile,names,&realms);
if ( code == 0 ) {
int i=0;
while ( realms[i] ) {
if (ckstrcmp(realm,realms[i],-1,0) == 0) {
strcpy(realm,realms[i]);
found = 1;
break;
}
i++;
}
}
#iffdef CK_DNS_SRV
if ( !found ) {
char * dns_realm = NULL;
/* We did not find the realm in the profile so let's tryDNS */
locate_txt_rr("_kerberos",realm,&dns_realm);
if ( dns_realm &&
ckstrcmp(realm,dns_realm,-1,0) == 0 &&
ckstrcmp(realm,dns_realm,-1,1) != 0
) {
ckstrncpy(realm,dns_realm,256);
free(dns_realm);
}
}
#endif /* CK_DNS_SRV */
}
if (init->realm &&
ckstrcmp(realm,init->realm,-1,0) == 0 &&
ckstrcmp(realm,init->realm,-1,1) != 0)
strcpy(init->realm,realm);
if (ckstrcmp(realm,krb5_d_realm,-1,0) == 0 &&
ckstrcmp(realm,krb5_d_realm,-1,1) != 0)
strcpy(krb5_d_realm,realm);
}
Jeffrey Altman * Sr.Software Designer Kermit 95 1.1.21 available now!!!
The Kermit Project @ Columbia University SSH plus Telnet, FTP and HTTP
http://www.kermit-project.org/ secured with Kerberos, SRP, and
kermit-support at columbia.edu OpenSSL.
More information about the krbdev
mailing list