author | Will Fiveash <will.fiveash@oracle.com> |
Wed, 24 Feb 2016 10:43:57 -0600 | |
changeset 5490 | 9bf0bc57423a |
child 6599 | 1d033832c5e7 |
permissions | -rw-r--r-- |
5490
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
1 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
2 |
# This patch provides support for Solaris interfaces in krb5.conf and kdc.conf |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
3 |
# files for auth_to_local_realm and kdc_max_tcp_connections. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
4 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
5 |
# Note: MIT may be interested in these configuration options though they may |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
6 |
# want a more dynamic solution for handling maximum RPC and TCP connections |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
7 |
# through kdc_max_tcp_connections. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
8 |
# Patch source: in-house |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
9 |
# |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
10 |
diff -pur old/src/include/k5-int.h new/src/include/k5-int.h |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
11 |
--- old/src/include/k5-int.h 2015-06-03 16:56:30.904839037 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
12 |
+++ new/src/include/k5-int.h 2015-06-07 21:27:29.766113292 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
13 |
@@ -263,6 +263,7 @@ typedef unsigned char u_char; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
14 |
#define KRB5_CONF_MASTER_KEY_TYPE "master_key_type" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
15 |
#define KRB5_CONF_MAX_LIFE "max_life" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
16 |
#define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
17 |
+#define KRB5_CONF_MAX_TCP_CONNECTIONS "kdc_max_tcp_connections" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
18 |
#define KRB5_CONF_MODULE "module" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
19 |
#define KRB5_CONF_NOADDRESSES "noaddresses" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
20 |
#define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
21 |
diff -pur old/src/include/net-server.h new/src/include/net-server.h |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
22 |
--- old/src/include/net-server.h 2015-06-03 16:56:30.911020661 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
23 |
+++ new/src/include/net-server.h 2015-06-07 00:39:54.939610507 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
24 |
@@ -52,6 +52,7 @@ krb5_error_code loop_setup_network(verto |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
25 |
krb5_error_code loop_setup_signals(verto_ctx *ctx, void *handle, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
26 |
void (*reset)()); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
27 |
void loop_free(verto_ctx *ctx); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
28 |
+void setup_kdc_options(krb5_int32); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
29 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
30 |
/* to be supplied by the server application */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
31 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
32 |
diff -pur old/src/include/osconf.hin new/src/include/osconf.hin |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
33 |
--- old/src/include/osconf.hin 2015-06-03 16:56:30.905987490 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
34 |
+++ new/src/include/osconf.hin 2015-06-06 00:24:02.109378599 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
35 |
@@ -94,6 +94,10 @@ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
36 |
#define DEFAULT_KDC_UDP_PORTLIST "88,750" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
37 |
#define DEFAULT_KDC_TCP_PORTLIST "88" |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
38 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
39 |
+/* control # of kdc tcp connection */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
40 |
+#define DEFAULT_KDC_TCP_CONNECTIONS 45 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
41 |
+#define MIN_KDC_TCP_CONNECTIONS 10 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
42 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
43 |
/* |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
44 |
* Defaults for the KADM5 admin system. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
45 |
*/ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
46 |
diff -pur old/src/kdc/main.c new/src/kdc/main.c |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
47 |
--- old/src/kdc/main.c 2015-06-03 16:56:30.884798447 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
48 |
+++ new/src/kdc/main.c 2015-06-07 00:42:33.937821705 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
49 |
@@ -203,7 +203,8 @@ static krb5_error_code |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
50 |
init_realm(kdc_realm_t *rdp, krb5_pointer aprof, char *realm, char *def_mpname, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
51 |
krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
52 |
krb5_boolean def_manual, krb5_boolean def_restrict_anon, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
53 |
- char **db_args, char *no_referral, char *hostbased) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
54 |
+ char **db_args, char *no_referral, char *hostbased, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
55 |
+ krb5_int32 def_max_tcp) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
56 |
{ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
57 |
krb5_error_code kret; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
58 |
krb5_boolean manual; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
59 |
@@ -260,6 +261,8 @@ init_realm(kdc_realm_t *rdp, krb5_pointe |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
60 |
kret = ENOMEM; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
61 |
goto whoops; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
62 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
63 |
+ rdp->realm_max_tcp = def_max_tcp; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
64 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
65 |
/* Handle stash file */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
66 |
hierarchy[2] = KRB5_CONF_KEY_STASH_FILE; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
67 |
if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_stash)) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
68 |
@@ -621,6 +624,7 @@ initialize_realms(krb5_context kcontext, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
69 |
char *hostbased = NULL; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
70 |
int db_args_size = 0; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
71 |
char **db_args = NULL; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
72 |
+ krb5_int32 default_max_tcp; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
73 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
74 |
extern char *optarg; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
75 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
76 |
@@ -633,6 +637,13 @@ initialize_realms(krb5_context kcontext, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
77 |
hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
78 |
if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports)) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
79 |
default_tcp_ports = 0; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
80 |
+ hierarchy[1] = KRB5_CONF_MAX_TCP_CONNECTIONS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
81 |
+ if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
82 |
+ &default_max_tcp)) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
83 |
+ default_max_tcp = DEFAULT_KDC_TCP_CONNECTIONS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
84 |
+ } else if (default_max_tcp < MIN_KDC_TCP_CONNECTIONS) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
85 |
+ default_max_tcp = DEFAULT_KDC_TCP_CONNECTIONS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
86 |
+ } |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
87 |
hierarchy[1] = KRB5_CONF_KDC_MAX_DGRAM_REPLY_SIZE; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
88 |
if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size)) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
89 |
max_dgram_reply_size = MAX_DGRAM_SIZE; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
90 |
@@ -694,7 +705,8 @@ initialize_realms(krb5_context kcontext, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
91 |
menctype, default_udp_ports, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
92 |
default_tcp_ports, manual, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
93 |
def_restrict_anon, db_args, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
94 |
- no_referral, hostbased); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
95 |
+ no_referral, hostbased, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
96 |
+ default_max_tcp); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
97 |
if (retval) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
98 |
fprintf(stderr, _("%s: cannot initialize realm %s - " |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
99 |
"see log file for details\n"), |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
100 |
@@ -811,7 +823,7 @@ initialize_realms(krb5_context kcontext, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
101 |
retval = init_realm(rdatap, aprof, lrealm, mkey_name, menctype, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
102 |
default_udp_ports, default_tcp_ports, manual, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
103 |
def_restrict_anon, db_args, no_referral, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
104 |
- hostbased); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
105 |
+ hostbased, default_max_tcp); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
106 |
if (retval) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
107 |
fprintf(stderr, _("%s: cannot initialize realm %s - see log " |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
108 |
"file for details\n"), argv[0], lrealm); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
109 |
@@ -967,6 +979,9 @@ int main(int argc, char **argv) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
110 |
return 1; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
111 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
112 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
113 |
+ /* Guaranteed to have at least one realm, which is fed the def options */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
114 |
+ setup_kdc_options(shandle.kdc_realmlist[0]->realm_max_tcp); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
115 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
116 |
/* Handle each realm's ports */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
117 |
for (i=0; i< shandle.kdc_numrealms; i++) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
118 |
char *cp = shandle.kdc_realmlist[i]->realm_ports; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
119 |
diff -pur old/src/kdc/realm_data.h new/src/kdc/realm_data.h |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
120 |
--- old/src/kdc/realm_data.h 2015-06-03 16:56:30.885907080 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
121 |
+++ new/src/kdc/realm_data.h 2015-06-06 22:52:44.710060227 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
122 |
@@ -66,6 +66,7 @@ typedef struct __kdc_realm_data { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
123 |
*/ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
124 |
char *realm_ports; /* Per-realm KDC UDP port */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
125 |
char *realm_tcp_ports; /* Per-realm KDC TCP port */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
126 |
+ krb5_int32 realm_max_tcp; /* Maximum TCP connections allowed */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
127 |
/* |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
128 |
* Per-realm parameters. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
129 |
*/ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
130 |
diff -pur old/src/lib/apputils/net-server.c new/src/lib/apputils/net-server.c |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
131 |
--- old/src/lib/apputils/net-server.c 2015-06-03 16:56:31.835537747 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
132 |
+++ new/src/lib/apputils/net-server.c 2015-06-07 01:17:20.123103672 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
133 |
@@ -345,6 +345,12 @@ loop_add_tcp_port(int port) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
134 |
return 0; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
135 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
136 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
137 |
+void |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
138 |
+setup_kdc_options(krb5_int32 max_tcp) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
139 |
+{ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
140 |
+ max_tcp_or_rpc_data_connections = max_tcp; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
141 |
+} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
142 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
143 |
krb5_error_code |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
144 |
loop_add_rpc_service(int port, u_long prognum, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
145 |
u_long versnum, void (*dispatchfn)()) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
146 |
diff -pur old/src/lib/krb5/os/localauth.c new/src/lib/krb5/os/localauth.c |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
147 |
--- old/src/lib/krb5/os/localauth.c 2015-06-03 16:56:31.860283075 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
148 |
+++ new/src/lib/krb5/os/localauth.c 2015-06-03 22:18:21.968345429 -0600 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
149 |
@@ -258,6 +258,49 @@ parse_mapping_value(const char *value, c |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
150 |
return 0; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
151 |
} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
152 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
153 |
+/* |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
154 |
+ * Return true (1) if the princ's realm matches any of the |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
155 |
+ * 'auth_to_local_realm' relations in the default realm section. |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
156 |
+ */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
157 |
+static int |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
158 |
+an_to_ln_realm_chk( |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
159 |
+ krb5_context context, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
160 |
+ krb5_const_principal aname, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
161 |
+ char *def_realm) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
162 |
+{ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
163 |
+ char **values, **cpp; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
164 |
+ const char *realm_names[4]; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
165 |
+ krb5_error_code retval; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
166 |
+ unsigned int realm_length = krb5_princ_realm(context, aname)->length; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
167 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
168 |
+ realm_names[0] = "realms"; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
169 |
+ realm_names[1] = def_realm; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
170 |
+ realm_names[2] = "auth_to_local_realm"; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
171 |
+ realm_names[3] = 0; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
172 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
173 |
+ if (context->profile == 0) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
174 |
+ return (0); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
175 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
176 |
+ retval = profile_get_values(context->profile, realm_names, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
177 |
+ &values); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
178 |
+ if (retval) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
179 |
+ return (0); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
180 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
181 |
+ for (cpp = values; *cpp; cpp++) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
182 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
183 |
+ if (((size_t) realm_length == strlen(*cpp)) && |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
184 |
+ (memcmp(*cpp, krb5_princ_realm(context, aname)->data, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
185 |
+ realm_length) == 0)) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
186 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
187 |
+ profile_free_list(values); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
188 |
+ return (1); /* success */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
189 |
+ } |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
190 |
+ } |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
191 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
192 |
+ profile_free_list(values); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
193 |
+ return (0); |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
194 |
+} |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
195 |
+ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
196 |
/* Apply the default an2ln method, which translates name@defaultrealm or |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
197 |
* name/defaultrealm@defaultrealm to name. */ |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
198 |
static krb5_error_code |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
199 |
@@ -274,7 +317,8 @@ an2ln_default(krb5_context context, krb5 |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
200 |
if (ret) |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
201 |
return KRB5_LNAME_NOTRANS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
202 |
|
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
203 |
- if (!data_eq_string(aname->realm, def_realm)) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
204 |
+ if (!data_eq_string(aname->realm, def_realm) && !an_to_ln_realm_chk(context, |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
205 |
+ aname, def_realm)) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
206 |
ret = KRB5_LNAME_NOTRANS; |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
207 |
} else if (aname->length == 2) { |
9bf0bc57423a
PSARC/2015/144 Kerberos 1.13 Delivery to Userland
Will Fiveash <will.fiveash@oracle.com>
parents:
diff
changeset
|
208 |
/* Allow a second component if it is the local realm. */ |