| author | Shawn Emery <shawn.emery@oracle.com> |
| Wed, 11 May 2016 20:33:52 -0700 | |
| changeset 5969 | 96bac9fbcfbd |
| parent 5490 | 9bf0bc57423a |
| child 5986 | bab15c34f645 |
| permissions | -rw-r--r-- |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
1 |
# |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
2 |
# This patch provides interfaces and functionality for the pam_krb5 module |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
3 |
# and for other libkadm5clnt dependents, such as AK. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
4 |
# |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
5 |
# Note: MIT may be interested in a public form of k5_get_init_creds_password |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
6 |
# as the function returns the AS-REP, which can be used to glean key expiration, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
7 |
# among others. A subsequent RFE-ticket will be filed for MIT. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
8 |
# |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
9 |
# Note: MIT may decide to choose a different front-end support for multi-master |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
10 |
# configuration via kadm5_get_adm_host_srv_names, instead of using |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
11 |
# kadm5_get_admin_service_name, which returns the kadmin/<fqhn> form instead of |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
12 |
# of kadmin@<fqhn> for instance. In any case, a design such as this should be |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
13 |
# presented to MIT. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
14 |
# Patch source: in-house |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
15 |
# |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
16 |
diff -pur old/src/lib/kadm5/clnt/client_init.c new/src/lib/kadm5/clnt/client_init.c |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
17 |
--- no-032/src/lib/kadm5/clnt/client_init.c 2016-03-28 14:25:17.265078167 -0600 |
|
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
18 |
+++ 032/src/lib/kadm5/clnt/client_init.c 2016-03-28 14:27:42.301681052 -0600 |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
19 |
@@ -299,7 +299,7 @@ _kadm5_initialize_rpcsec_gss_handle(kadm |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
20 |
{
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
21 |
int code = 0; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
22 |
generic_ret *r; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
23 |
- char *ccname_orig = NULL; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
24 |
+ const char *ccname_orig = NULL; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
25 |
char *iprop_svc; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
26 |
boolean_t iprop_enable = B_FALSE; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
27 |
char mech[] = "kerberos_v5"; |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
28 |
@@ -317,15 +317,13 @@ _kadm5_initialize_rpcsec_gss_handle(kadm |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
29 |
int port; |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
30 |
struct timeval timeout; |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
31 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
32 |
- /* service name is service/host */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
33 |
- server = strpbrk(service_name, "/"); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
34 |
+ /* service name is service@host */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
35 |
+ server = strpbrk(service_name, "@"); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
36 |
if (!server) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
37 |
code = KADM5_BAD_SERVER_NAME; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
38 |
goto cleanup; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
39 |
} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
40 |
- |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
41 |
- /* but rpc_gss_secreate expects service@host */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
42 |
- *server++ = '@'; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
43 |
+ server++; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
44 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
45 |
iprop_svc = strdup(KIPROP_SVC_NAME); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
46 |
if (iprop_svc == NULL) |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
47 |
@@ -516,7 +514,7 @@ cleanup: |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
48 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
49 |
static kadm5_ret_t |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
50 |
init_any(krb5_context context, char *client_name, enum init_type init_type, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
51 |
- char *pass, krb5_ccache ccache_in, char *svcname_in, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
52 |
+ char *pass, krb5_ccache ccache_in, char *svcname, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
53 |
kadm5_config_params *params_in, krb5_ui_4 struct_version, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
54 |
krb5_ui_4 api_version, char **db_args, void **server_handle) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
55 |
{
|
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
56 |
@@ -534,7 +532,6 @@ init_any(krb5_context context, char *cli |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
57 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
58 |
int code = 0; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
59 |
generic_ret *r; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
60 |
- char svcname[BUFSIZ]; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
61 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
62 |
initialize_ovk_error_table(); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
63 |
/* initialize_adb_error_table(); */ |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
64 |
@@ -603,15 +600,19 @@ init_any(krb5_context context, char *cli |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
65 |
goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
66 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
67 |
/* NULL svcname means use host-based. */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
68 |
- if (svcname_in == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
69 |
- code = kadm5_get_admin_service_name(handle->context, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
70 |
- handle->params.realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
71 |
- svcname, sizeof(svcname)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
72 |
+ if (svcname == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
73 |
+ char **kadmin_srv_names; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
74 |
+ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
75 |
+ code = kadm5_get_adm_host_srv_names(context, handle->params.realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
76 |
+ &kadmin_srv_names); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
77 |
if (code) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
78 |
goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
79 |
- } else {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
80 |
- strncpy(svcname, svcname_in, sizeof(svcname)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
81 |
- svcname[sizeof(svcname)-1] = '\0'; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
82 |
+ svcname = strdup(kadmin_srv_names[0]); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
83 |
+ free_srv_names(kadmin_srv_names); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
84 |
+ if (svcname == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
85 |
+ code = ENOMEM; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
86 |
+ goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
87 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
88 |
} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
89 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
90 |
/* Get credentials. */ |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
91 |
@@ -666,14 +667,52 @@ cleanup: |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
92 |
static kadm5_ret_t |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
93 |
get_init_creds(kadm5_server_handle_t handle, krb5_principal client, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
94 |
enum init_type init_type, char *pass, krb5_ccache ccache_in, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
95 |
- char *svcname, char *realm, krb5_principal *server_out) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
96 |
+ char *svcname_in, char *realm, krb5_principal *server_out) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
97 |
{
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
98 |
kadm5_ret_t code; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
99 |
krb5_ccache ccache = NULL; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
100 |
+ krb5_principal cprinc; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
101 |
+ char svcbuf[BUFSIZ], *service, *host, *svcname, *save; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
102 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
103 |
*server_out = NULL; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
104 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
105 |
/* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
106 |
+ * Convert the RPCSEC_GSS version to the host based version as this |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
107 |
+ * is what gic expects. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
108 |
+ */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
109 |
+ if ((svcname = strdup(svcname_in)) == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
110 |
+ code = ENOMEM; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
111 |
+ goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
112 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
113 |
+ if ((service = strtok_r(svcname, "@", &save)) != NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
114 |
+ if ((host = strtok_r(NULL, "@", &save)) != NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
115 |
+ char *str = NULL; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
116 |
+ /* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
117 |
+ * We want the canonical name here, via sname_to_principal. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
118 |
+ */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
119 |
+ code = krb5_sname_to_principal(handle->context, host, service, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
120 |
+ KRB5_NT_SRV_HST, &cprinc); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
121 |
+ if (code) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
122 |
+ free(svcname); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
123 |
+ goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
124 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
125 |
+ code = krb5_unparse_name_flags(handle->context, cprinc, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
126 |
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &str); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
127 |
+ krb5_free_principal(handle->context, cprinc); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
128 |
+ if (code) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
129 |
+ free(svcname); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
130 |
+ goto error; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
131 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
132 |
+ (void) strncpy(svcbuf, str, sizeof(svcbuf)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
133 |
+ krb5_free_unparsed_name(handle->context, str); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
134 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
135 |
+ } else {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
136 |
+ strncpy(svcbuf, svcname, sizeof(svcbuf)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
137 |
+ svcbuf[sizeof(svcname)-1] = '\0'; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
138 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
139 |
+ free(svcname); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
140 |
+ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
141 |
+ /* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
142 |
* Acquire a service ticket for svcname@realm for client, using password |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
143 |
* pass (which could be NULL), and create a ccache to store them in. If |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
144 |
* INIT_CREDS, use the ccache we were provided instead. |
|
5969
96bac9fbcfbd
PSARC/2016/244 Sync MIT Kerberos to 1.14.2
Shawn Emery <shawn.emery@oracle.com>
parents:
5490
diff
changeset
|
145 |
@@ -708,7 +747,7 @@ get_init_creds(kadm5_server_handle_t han |
|
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
146 |
} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
147 |
handle->lhandle->cache_name = handle->cache_name; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
148 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
149 |
- code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
150 |
+ code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
151 |
server_out); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
152 |
/* Improved error messages */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
153 |
if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
154 |
diff -pur old/src/lib/krb5/krb/gic_pwd.c new/src/lib/krb5/krb/gic_pwd.c |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
155 |
--- old/src/lib/krb5/krb/gic_pwd.c 2015-04-30 01:12:10.560945822 -0600 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
156 |
+++ new/src/lib/krb5/krb/gic_pwd.c 2015-04-30 14:55:26.993611965 -0600 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
157 |
@@ -5,6 +5,17 @@ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
158 |
#include "int-proto.h" |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
159 |
#include "os-proto.h" |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
160 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
161 |
+/* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
162 |
+ * See the function's definition for the description of this interface. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
163 |
+ */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
164 |
+krb5_error_code |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
165 |
+k5_get_init_creds_password(krb5_context, krb5_creds *, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
166 |
+ krb5_principal, const char *, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
167 |
+ krb5_prompter_fct, void *, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
168 |
+ krb5_deltat, const char *, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
169 |
+ krb5_get_init_creds_opt *, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
170 |
+ krb5_kdc_rep **); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
171 |
+ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
172 |
krb5_error_code |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
173 |
krb5_get_as_key_password(krb5_context context, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
174 |
krb5_principal client, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
175 |
@@ -135,7 +146,7 @@ krb5_init_creds_set_password(krb5_contex |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
176 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
177 |
/* Return the password expiry time indicated by enc_part2. Set *is_last_req |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
178 |
* if the information came from a last_req value. */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
179 |
-static void |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
180 |
+void |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
181 |
get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
182 |
krb5_timestamp *acct_exp, krb5_boolean *is_last_req) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
183 |
{
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
184 |
@@ -288,6 +299,35 @@ krb5_get_init_creds_password(krb5_contex |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
185 |
const char *in_tkt_service, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
186 |
krb5_get_init_creds_opt *options) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
187 |
{
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
188 |
+ /* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
189 |
+ * We call our own private function that returns the as_reply back to |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
190 |
+ * the caller. This structure contains information, such as |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
191 |
+ * key-expiration and last-req fields. Entities such as pam_krb5 can |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
192 |
+ * use this information to provide account/password expiration warnings. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
193 |
+ * The original "prompter" interface is not granular enough for PAM, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
194 |
+ * as it will perform all passes w/o coordination with other modules. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
195 |
+ */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
196 |
+ return (k5_get_init_creds_password(context, creds, client, password, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
197 |
+ prompter, data, start_time, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
198 |
+ in_tkt_service, options, NULL)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
199 |
+} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
200 |
+ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
201 |
+/* |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
202 |
+ * See krb5_get_init_creds_password()'s comments for the justification of this |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
203 |
+ * private function. Caller must free ptr_as_reply if non-NULL. |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
204 |
+ */ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
205 |
+krb5_error_code KRB5_CALLCONV |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
206 |
+k5_get_init_creds_password(krb5_context context, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
207 |
+ krb5_creds *creds, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
208 |
+ krb5_principal client, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
209 |
+ const char *password, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
210 |
+ krb5_prompter_fct prompter, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
211 |
+ void *data, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
212 |
+ krb5_deltat start_time, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
213 |
+ const char *in_tkt_service, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
214 |
+ krb5_get_init_creds_opt *options, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
215 |
+ krb5_kdc_rep **ptr_as_reply) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
216 |
+{
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
217 |
krb5_error_code ret; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
218 |
int use_master; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
219 |
krb5_kdc_rep *as_reply; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
220 |
@@ -503,8 +543,12 @@ cleanup: |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
221 |
memset(pw0array, 0, sizeof(pw0array)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
222 |
memset(pw1array, 0, sizeof(pw1array)); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
223 |
krb5_free_cred_contents(context, &chpw_creds); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
224 |
- if (as_reply) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
225 |
- krb5_free_kdc_rep(context, as_reply); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
226 |
+ if (as_reply != NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
227 |
+ if (ptr_as_reply == NULL) |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
228 |
+ krb5_free_kdc_rep(context, as_reply); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
229 |
+ else |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
230 |
+ *ptr_as_reply = as_reply; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
231 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
232 |
k5_clear_error(&errsave); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
233 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
234 |
return(ret); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
235 |
diff -pur old/src/slave/kpropd.c new/src/slave/kpropd.c |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
236 |
--- old/src/slave/kpropd.c 2015-04-30 01:12:10.629801044 -0600 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
237 |
+++ new/src/slave/kpropd.c 2015-05-04 14:12:25.818752484 -0600 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
238 |
@@ -640,6 +640,7 @@ do_iprop() |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
239 |
params.realm = def_realm; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
240 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
241 |
if (master_svc_princstr == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
242 |
+#if 0 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
243 |
retval = kadm5_get_kiprop_host_srv_name(kpropd_context, def_realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
244 |
&master_svc_princstr); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
245 |
if (retval) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
246 |
@@ -649,6 +650,27 @@ do_iprop() |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
247 |
progname, def_realm); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
248 |
return retval; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
249 |
} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
250 |
+#endif |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
251 |
+ char **kiprop_srv_names; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
252 |
+ |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
253 |
+ retval = kadm5_get_kiprop_host_srv_names(kpropd_context, def_realm, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
254 |
+ &kiprop_srv_names); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
255 |
+ if (retval) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
256 |
+ com_err(progname, retval, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
257 |
+ _("%s: unable to get kiprop host based "
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
258 |
+ "service name for realm %s\n"), |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
259 |
+ progname, def_realm); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
260 |
+ return retval; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
261 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
262 |
+ master_svc_princstr = strdup(kiprop_srv_names[0]); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
263 |
+ free_srv_names(kiprop_srv_names); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
264 |
+ if (master_svc_princstr == NULL) {
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
265 |
+ com_err(progname, retval, |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
266 |
+ _("%s: unable to allocate memory for kiprop host based "
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
267 |
+ "service name for realm %s\n"), |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
268 |
+ progname, def_realm); |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
269 |
+ return ENOMEM; |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
270 |
+ } |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
271 |
} |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
272 |
|
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
273 |
retval = krb5_sname_to_principal(kpropd_context, NULL, KIPROP_SVC_NAME, |