6 # they have been reticent to add such support. It is possible that |
6 # they have been reticent to add such support. It is possible that |
7 # support for this may be introduced at a later time at which point we |
7 # support for this may be introduced at a later time at which point we |
8 # should look at modifying/deleting this patch. |
8 # should look at modifying/deleting this patch. |
9 # Patch source: in-house |
9 # Patch source: in-house |
10 # |
10 # |
11 diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c |
|
12 --- a/src/kadmin/cli/kadmin.c |
11 --- a/src/kadmin/cli/kadmin.c |
13 +++ b/src/kadmin/cli/kadmin.c |
12 +++ b/src/kadmin/cli/kadmin.c |
14 @@ -255,7 +255,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out) |
13 @@ -255,7 +255,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out) |
15 char **db_args = NULL; |
14 char **db_args = NULL; |
16 int db_args_size = 0; |
15 int db_args_size = 0; |
70 } |
69 } |
71 + free_srv_names(svcnames); |
70 + free_srv_names(svcnames); |
72 if (retval) { |
71 if (retval) { |
73 com_err(whoami, retval, _("while initializing %s interface"), whoami); |
72 com_err(whoami, retval, _("while initializing %s interface"), whoami); |
74 if (retval == KADM5_BAD_CLIENT_PARAMS || |
73 if (retval == KADM5_BAD_CLIENT_PARAMS || |
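Review bot: `free_srv_names(svcnames);` sits ahead of the `if (retval)` error branch in kadmin_startup, so it runs on every path that reaches this point, including any where `svcnames` was never populated. The declaration and assignments of `svcnames` are in the part of the section not shown here, so this is something to confirm rather than a confirmed defect. Either the pointer is initialised to NULL at its declaration and `free_srv_names` accepts NULL, or the call should be guarded with `if (svcnames != NULL)`. If the variable stays in scope afterwards, adding `svcnames = NULL;` after the call rules out a second free on a later exit path.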
75 diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h |
|
76 --- a/src/lib/kadm5/admin.h |
74 --- a/src/lib/kadm5/admin.h |
77 +++ b/src/lib/kadm5/admin.h |
75 +++ b/src/lib/kadm5/admin.h |
78 @@ -345,6 +345,51 @@ kadm5_ret_t kadm5_init_with_creds(krb5_context context, |
76 @@ -345,6 +345,51 @@ kadm5_ret_t kadm5_init_with_creds(krb5_context context, |
79 krb5_ui_4 api_version, |
77 krb5_ui_4 api_version, |
80 char **db_args, |
78 char **db_args, |
125 + void **server_handle); |
123 + void **server_handle); |
126 + |
124 + |
127 kadm5_ret_t kadm5_lock(void *server_handle); |
125 kadm5_ret_t kadm5_lock(void *server_handle); |
128 kadm5_ret_t kadm5_unlock(void *server_handle); |
126 kadm5_ret_t kadm5_unlock(void *server_handle); |
129 kadm5_ret_t kadm5_flush(void *server_handle); |
127 kadm5_ret_t kadm5_flush(void *server_handle); |
130 diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c |
|
131 --- a/src/lib/kadm5/clnt/client_init.c |
128 --- a/src/lib/kadm5/clnt/client_init.c |
132 +++ b/src/lib/kadm5/clnt/client_init.c |
129 +++ b/src/lib/kadm5/clnt/client_init.c |
133 @@ -55,7 +55,7 @@ enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS, INIT_ANONYMOUS }; |
130 @@ -55,7 +55,7 @@ enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS, INIT_ANONYMOUS }; |
134 |
131 |
135 static kadm5_ret_t |
132 static kadm5_ret_t |
199 + char *svcnames[2]; |
196 + char *svcnames[2]; |
200 + |
197 + |
201 + svcnames[0] = service_name; |
198 + svcnames[0] = service_name; |
202 + svcnames[1] = NULL; |
199 + svcnames[1] = NULL; |
203 + |
200 + |
204 + return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL, |
201 return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL, |
|
202 - service_name, params, struct_version, api_version, |
205 + svcnames, params, struct_version, api_version, |
203 + svcnames, params, struct_version, api_version, |
206 + db_args, server_handle); |
204 + db_args, server_handle); |
207 +} |
205 +} |
208 + |
206 + |
209 +kadm5_ret_t |
207 +kadm5_ret_t |
210 +kadm5_init_anonymous_mm(krb5_context context, char *client_name, |
208 +kadm5_init_anonymous_mm(krb5_context context, char *client_name, |
211 + char **svcnames, kadm5_config_params *params, |
209 + char **svcnames, kadm5_config_params *params, |
212 + krb5_ui_4 struct_version, krb5_ui_4 api_version, |
210 + krb5_ui_4 struct_version, krb5_ui_4 api_version, |
213 + char **db_args, void **server_handle) |
211 + char **db_args, void **server_handle) |
214 +{ |
212 +{ |
215 return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL, |
213 + return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL, |
216 - service_name, params, struct_version, api_version, |
|
217 + svcnames, params, struct_version, api_version, |
214 + svcnames, params, struct_version, api_version, |
218 db_args, server_handle); |
215 db_args, server_handle); |
219 } |
216 } |
220 |
217 |
221 @@ -121,7 +171,23 @@ kadm5_init(krb5_context context, char *client_name, char *pass, |
218 @@ -121,7 +171,23 @@ kadm5_init(krb5_context context, char *client_name, char *pass, |
353 + svcname_ptr = kadmin_srv_names; |
350 + svcname_ptr = kadmin_srv_names; |
354 + } |
351 + } |
355 + } else { |
352 + } else { |
356 + svcname_ptr = svcnames_in; |
353 + svcname_ptr = svcnames_in; |
357 + } |
354 + } |
358 + |
355 |
|
356 - code = kadm5_get_adm_host_srv_names(context, handle->params.realm, |
|
357 - &kadmin_srv_names); |
|
358 - if (code) |
|
359 - goto error; |
|
360 - svcname = strdup(kadmin_srv_names[0]); |
|
361 - free_srv_names(kadmin_srv_names); |
|
362 - if (svcname == NULL) { |
|
363 - code = ENOMEM; |
|
364 - goto error; |
|
365 - } |
359 + for (i = 0; svcname_ptr[i]; i++) { |
366 + for (i = 0; svcname_ptr[i]; i++) { |
360 + /* Get credentials. */ |
367 + /* Get credentials. */ |
361 + code = get_init_creds(handle, client, init_type, pass, ccache_in, |
368 + code = get_init_creds(handle, client, init_type, pass, ccache_in, |
362 + svcname_ptr[i], handle->params.realm, &server); |
369 + svcname_ptr[i], handle->params.realm, &server); |
363 + if (code) { |
370 + if (code) { |
367 + clean_up(handle, &server, &ccache); |
374 + clean_up(handle, &server, &ccache); |
368 + continue; |
375 + continue; |
369 + } else |
376 + } else |
370 + goto error; |
377 + goto error; |
371 + } |
378 + } |
372 |
379 + |
373 - code = kadm5_get_adm_host_srv_names(context, handle->params.realm, |
|
374 - &kadmin_srv_names); |
|
375 - if (code) |
|
376 - goto error; |
|
377 - svcname = strdup(kadmin_srv_names[0]); |
|
378 - free_srv_names(kadmin_srv_names); |
|
379 - if (svcname == NULL) { |
|
380 - code = ENOMEM; |
|
381 - goto error; |
|
382 - } |
|
383 + code = _kadm5_initialize_rpcsec_gss_handle(handle, client_name, |
380 + code = _kadm5_initialize_rpcsec_gss_handle(handle, client_name, |
384 + svcname_ptr[i]); |
381 + svcname_ptr[i]); |
385 + if (code) { |
382 + if (code) { |
386 + /* clean up for another go around */ |
383 + /* clean up for another go around */ |
387 + clean_up(handle, &server, &ccache); |
384 + clean_up(handle, &server, &ccache); |
500 - code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm, |
497 - code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm, |
501 + code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm, |
498 + code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm, |
502 server_out); |
499 server_out); |
503 /* Improved error messages */ |
500 /* Improved error messages */ |
504 if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD; |
501 if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD; |
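Review bot: The retry loop `for (i = 0; svcname_ptr[i]; i++)` moves on to the next admin server after `clean_up(handle, &server, &ccache); continue;`, but the test that chooses between `continue` and `goto error` is not visible in this view, so it should be confirmed that only reachability failures fall through. An authentication failure, such as the `KADM5_BAD_PASSWORD` mapping further down, should return at once: replaying the same password against every listed server turns one mistyped password into several failed pre-authentications and can trip lockout policy. I would state the rule at the top of the loop, e.g. `/* Try the next admin server only when this one is unreachable; authentication errors are returned immediately. */`. The loop also needs a defined error result when every name has been tried or the list is empty (the single-name wrapper above `kadm5_init_anonymous_mm` hands over `{NULL, NULL}` if `service_name` is NULL), and since `svcname_ptr` may alias `kadmin_srv_names` for the whole loop, that list has to be released on the `error` path as well as on success.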
505 diff --git a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports |
|
506 --- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports |
502 --- a/src/lib/kadm5/clnt/libkadm5clnt_mit.exports |
507 +++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports |
503 +++ b/src/lib/kadm5/clnt/libkadm5clnt_mit.exports |
508 @@ -31,6 +31,11 @@ kadm5_init_krb5_context |
504 @@ -31,6 +31,11 @@ kadm5_init_krb5_context |
509 kadm5_init_with_creds |
505 kadm5_init_with_creds |
510 kadm5_init_with_password |
506 kadm5_init_with_password |
515 +kadm5_init_with_password_mm |
511 +kadm5_init_with_password_mm |
516 +kadm5_init_with_skey_mm |
512 +kadm5_init_with_skey_mm |
517 kadm5_lock |
513 kadm5_lock |
518 kadm5_modify_policy |
514 kadm5_modify_policy |
519 kadm5_modify_principal |
515 kadm5_modify_principal |
520 diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c |
|
521 --- a/src/lib/kadm5/srv/server_init.c |
516 --- a/src/lib/kadm5/srv/server_init.c |
522 +++ b/src/lib/kadm5/srv/server_init.c |
517 +++ b/src/lib/kadm5/srv/server_init.c |
523 @@ -97,6 +97,29 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, |
518 @@ -97,6 +97,29 @@ kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name, |
524 server_handle); |
519 server_handle); |
525 } |
520 } |
613 +} |
608 +} |
614 + |
609 + |
615 kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass, |
610 kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass, |
616 char *service_name, |
611 char *service_name, |
617 kadm5_config_params *params_in, |
612 kadm5_config_params *params_in, |
618 diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c |
|
619 --- a/src/slave/kpropd.c |
613 --- a/src/slave/kpropd.c |
620 +++ b/src/slave/kpropd.c |
614 +++ b/src/slave/kpropd.c |
621 @@ -613,7 +613,7 @@ do_iprop() |
615 @@ -613,7 +613,7 @@ do_iprop() |
622 kadm5_ret_t retval; |
616 kadm5_ret_t retval; |
623 krb5_principal iprop_svc_principal; |
617 krb5_principal iprop_svc_principal; |