another ldap bug

Will Fiveash William.Fiveash@sun.com
Mon Jun 5 18:35:35 EDT 2006


On Mon, Jun 05, 2006 at 05:00:12PM -0500, Will Fiveash wrote:
> On Mon, Jun 05, 2006 at 04:13:38PM -0500, Will Fiveash wrote:
> > Another issue; just after the assert() I see:
> > 
> > snprintf(princ_name, sizeof(princ_name), "kadmin/%s@%s", hp->h_name, global_params.realm);
> > 
> > Isn't this presumptuous in regards to the hostname used when doing this
> > on a multi-homed system?
> 
> As I get further I realize that on my Solaris system:
> 
> gethostbyname(localname);
> 
> sets hp->h_name to the first component of a FQDN.  So on my Solaris box
> my FQDN is foo.sun.com, hp->h_name == foo.  The result is that the
> snprintf() above creates the princ kadmin/foo@ACME.COM.
> 
> This needs to be fixed.  Perhaps a call to krb5_sname_to_principal()
> would be better?

For example:

    /* Let the library canonicalize the local host name (NULL == this host)
     * instead of trusting hp->h_name from gethostbyname(). */
    if ((retval = krb5_sname_to_principal(util_context, NULL, "kadmin",
                                          KRB5_NT_SRV_HST, &p))) {
        com_err(argv[0], retval, "while generating kadmin principal name");
        goto err_nomsg;
    }

    rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
    if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
        krb5_free_principal(util_context, p);
        com_err(argv[0], retval, "while adding entries to the database");
        goto err_nomsg;
    }
    krb5_free_principal(util_context, p);

etc...

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
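The following is an added example, not code from this thread or from MIT krb5. It models the two ways of naming the kadmin principal that the message contrasts: the snprintf() over hp->h_name, which on a resolver that returns the short name yields kadmin/foo@REALM, and a canonicalizing routine in the spirit of krb5_sname_to_principal() with KRB5_NT_SRV_HST (forward lookup, trailing dot stripped, lowercased; this description of the library's behaviour is an approximation and an assumption of the example). The resolver tables are constructed for the example; live_canonname() shows the real getaddrinfo() lookup they stand in for.

```python
"""Added example (not code from the krbdev thread or from MIT krb5): why
building the kadmin principal from gethostbyname()'s h_name is fragile, and
what a canonicalizing sname_to_principal-style routine produces instead."""
import socket
from typing import Callable, Optional

# Constructed resolver data standing in for DNS/NIS (an assumption for this
# example, not real lookups). Models the Solaris behaviour from the thread:
# gethostbyname("foo") hands back h_name == "foo", not the FQDN.
CONSTRUCTED_H_NAME = {
    "foo": "foo",
    "bar": "bar.example.com",
}
# What a forward lookup with AI_CANONNAME would return for the same names
# (constructed, including the mixed case and trailing dot a resolver may emit).
CONSTRUCTED_CANONNAME = {
    "foo": "foo.sun.com",
    "foo.sun.com": "foo.sun.com",
    "bar": "Bar.Example.COM.",
    "bar.example.com": "bar.example.com",
}


def naive_kadmin_principal(h_name: str, realm: str) -> str:
    """The snprintf() pattern from the thread: whatever the resolver put in
    hp->h_name goes straight into the principal name."""
    return "kadmin/%s@%s" % (h_name, realm)


def canonical_hostname(hostname: Optional[str],
                       resolve: Callable[[str], Optional[str]]) -> str:
    """Approximation (an assumption, not MIT krb5 code) of the host part that
    krb5_sname_to_principal() builds for KRB5_NT_SRV_HST: None (NULL) means
    the local machine, the name is canonicalized by a forward lookup, a
    trailing dot is stripped and the result is lowercased. If the lookup
    fails the name is used as given."""
    if hostname is None:
        hostname = socket.gethostname()
    canon = resolve(hostname) or hostname
    return canon.rstrip(".").lower()


def sname_to_principal(service: str, hostname: Optional[str], realm: str,
                       resolve: Callable[[str], Optional[str]]) -> str:
    """Build service/canonical-host@REALM."""
    return "%s/%s@%s" % (service, canonical_hostname(hostname, resolve), realm)


def live_canonname(hostname: str) -> Optional[str]:
    """Resolver for real use: getaddrinfo() with AI_CANONNAME, the lookup the
    constructed table above stands in for. Not used by the offline demo."""
    try:
        info = socket.getaddrinfo(hostname, None, flags=socket.AI_CANONNAME)
    except socket.gaierror:
        return None
    return info[0][3] or None  # tuple index 3 is ai_canonname


def host_is_fqdn(principal: str) -> bool:
    """Sanity check for a generated service principal: the host component of
    service/host@REALM should contain at least one dot."""
    host = principal.split("/", 1)[1].rsplit("@", 1)[0]
    return "." in host


if __name__ == "__main__":
    realm = "ACME.COM"
    for short in ("foo", "bar"):
        naive = naive_kadmin_principal(CONSTRUCTED_H_NAME[short], realm)
        canon = sname_to_principal("kadmin", short, realm,
                                   CONSTRUCTED_CANONNAME.get)
        print("%-28s fqdn=%-5s | %-32s fqdn=%s"
              % (naive, host_is_fqdn(naive), canon, host_is_fqdn(canon)))
```

Run with the constructed tables, the "foo" row reproduces the thread's complaint (kadmin/foo@ACME.COM fails the FQDN check) while the canonicalized form yields kadmin/foo.sun.com@ACME.COM. The host_is_fqdn() check is the cheap assertion to add after generating any host-based service principal, since a principal named after a short host name will not match what clients derive from the FQDN.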