6 # they have been reticent to add such support. It is possible that |
6 # they have been reticent to add such support. It is possible that |
7 # support for this may be introduced at a later time at which point we |
7 # support for this may be introduced at a later time at which point we |
8 # should look at modifying/deleting this patch. |
8 # should look at modifying/deleting this patch. |
9 # Patch source: in-house |
9 # Patch source: in-house |
10 # |
10 # |
11 diff -pur new/src/kadmin/cli/kadmin.c old/src/kadmin/cli/kadmin.c |
11 diff -u -r old/src/kadmin/cli/kadmin.c new/src/kadmin/cli/kadmin.c |
12 --- old/src/kadmin/cli/kadmin.c 2016-03-31 16:44:43.282366236 -0700 |
12 --- old/src/kadmin/cli/kadmin.c 2015-05-28 15:10:45.129616302 -0500 |
13 +++ patched/src/kadmin/cli/kadmin.c 2016-03-31 19:24:20.929551275 -0700 |
13 +++ new/src/kadmin/cli/kadmin.c 2015-05-29 13:32:41.901105712 -0500 |
14 @@ -255,7 +255,7 @@ kadmin_startup(int argc, char *argv[], c |
14 @@ -268,7 +268,7 @@ |
15 char **db_args = NULL; |
15 char **db_args = NULL; |
16 int db_args_size = 0; |
16 int db_args_size = 0; |
17 char *db_name = NULL; |
17 char *db_name = NULL; |
18 - char *svcname, *realm; |
18 - char *svcname, *realm; |
19 + char **svcnames = NULL, *realm; |
19 + char **svcnames = NULL, *realm; |
20 |
20 |
21 memset(¶ms, 0, sizeof(params)); |
21 memset(¶ms, 0, sizeof(params)); |
22 |
22 |
23 @@ -370,11 +370,6 @@ kadmin_startup(int argc, char *argv[], c |
23 @@ -380,11 +380,6 @@ |
24 params.mask |= KADM5_CONFIG_REALM; |
24 params.mask |= KADM5_CONFIG_REALM; |
25 params.realm = def_realm; |
25 params.realm = def_realm; |
26 |
26 |
27 - if (params.mask & KADM5_CONFIG_OLD_AUTH_GSSAPI) |
27 - if (params.mask & KADM5_CONFIG_OLD_AUTH_GSSAPI) |
28 - svcname = KADM5_ADMIN_SERVICE; |
28 - svcname = KADM5_ADMIN_SERVICE; |
30 - svcname = NULL; |
30 - svcname = NULL; |
31 - |
31 - |
32 /* |
32 /* |
33 * Set cc to an open credentials cache, either specified by the -c |
33 * Set cc to an open credentials cache, either specified by the -c |
34 * argument or the default. |
34 * argument or the default. |
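Review bot: With the `KADM5_CONFIG_OLD_AUTH_GSSAPI` branch removed in this hunk, nothing in the visible kadmin_startup hunks assigns `svcnames` after `char **svcnames = NULL`, so every `kadm5_init_*_mm` call receives NULL whatever `params.mask` holds. If init_any (whose body is mostly outside this view) does not consult that mask bit itself, an operator's explicit request for the `KADM5_ADMIN_SERVICE` principal would be silently ignored and the client would authenticate to whichever service name the library derives. Either keep the selection here, for example by building a one-element list when the bit is set, or add a comment at the declaration such as `/* NULL: init_any derives the kadmin service names; OLD_AUTH_GSSAPI is honoured there via params.mask */` once that is confirmed. kadmin_startup begins and ends outside this hunk.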
35 @@ -503,13 +498,14 @@ kadmin_startup(int argc, char *argv[], c |
35 @@ -515,13 +510,15 @@ |
36 if (ccache_name) { |
36 if (ccache_name) { |
37 info(_("Authenticating as principal %s with existing " |
37 printf(_("Authenticating as principal %s with existing " |
38 "credentials.\n"), princstr); |
38 "credentials.\n"), princstr); |
39 - retval = kadm5_init_with_creds(context, princstr, cc, svcname, ¶ms, |
39 - retval = kadm5_init_with_creds(context, princstr, cc, svcname, ¶ms, |
40 + retval = kadm5_init_with_creds_mm(context, princstr, cc, svcnames, |
40 + retval = kadm5_init_with_creds_mm(context, princstr, cc, svcnames, |
41 + ¶ms, |
41 + ¶ms, |
42 KADM5_STRUCT_VERSION, |
42 KADM5_STRUCT_VERSION, |
43 KADM5_API_VERSION_4, db_args, &handle); |
43 KADM5_API_VERSION_4, db_args, &handle); |
44 } else if (use_anonymous) { |
44 } else if (use_anonymous) { |
45 info(_("Authenticating as principal %s with password; " |
45 printf(_("Authenticating as principal %s with password; " |
46 "anonymous requested.\n"), princstr); |
46 "anonymous requested.\n"), princstr); |
47 - retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms, |
47 - retval = kadm5_init_anonymous(context, princstr, svcname, ¶ms, |
48 + retval = kadm5_init_anonymous_mm(context, princstr, svcnames, ¶ms, |
48 + retval = kadm5_init_anonymous_mm(context, princstr, svcnames, |
|
49 + ¶ms, |
49 KADM5_STRUCT_VERSION, |
50 KADM5_STRUCT_VERSION, |
50 KADM5_API_VERSION_4, db_args, &handle); |
51 KADM5_API_VERSION_4, db_args, &handle); |
51 } else if (use_keytab) { |
52 } else if (use_keytab) { |
52 @@ -520,17 +516,20 @@ kadmin_startup(int argc, char *argv[], c |
53 @@ -531,17 +528,20 @@ |
53 info(_("Authenticating as principal %s with default keytab.\n"), |
54 else |
54 princstr); |
55 printf(_("Authenticating as principal %s with default keytab.\n"), |
55 } |
56 princstr); |
56 - retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname, |
57 - retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname, |
57 + retval = kadm5_init_with_skey_mm(context, princstr, keytab_name, |
58 + retval = kadm5_init_with_skey_mm(context, princstr, keytab_name, |
58 + svcnames, |
59 + svcnames, |
59 ¶ms, KADM5_STRUCT_VERSION, |
60 ¶ms, KADM5_STRUCT_VERSION, |
60 KADM5_API_VERSION_4, db_args, &handle); |
61 KADM5_API_VERSION_4, db_args, &handle); |
61 } else { |
62 } else { |
62 info(_("Authenticating as principal %s with password.\n"), |
63 printf(_("Authenticating as principal %s with password.\n"), |
63 princstr); |
64 princstr); |
64 - retval = kadm5_init_with_password(context, princstr, password, svcname, |
65 - retval = kadm5_init_with_password(context, princstr, password, svcname, |
65 + retval = kadm5_init_with_password_mm(context, princstr, password, |
66 + retval = kadm5_init_with_password_mm(context, princstr, password, |
66 + svcnames, |
67 + svcnames, |
67 ¶ms, KADM5_STRUCT_VERSION, |
68 ¶ms, KADM5_STRUCT_VERSION, |
68 KADM5_API_VERSION_4, db_args, |
69 KADM5_API_VERSION_4, db_args, |
125 + void **server_handle); |
126 + void **server_handle); |
126 + |
127 + |
127 kadm5_ret_t kadm5_lock(void *server_handle); |
128 kadm5_ret_t kadm5_lock(void *server_handle); |
128 kadm5_ret_t kadm5_unlock(void *server_handle); |
129 kadm5_ret_t kadm5_unlock(void *server_handle); |
129 kadm5_ret_t kadm5_flush(void *server_handle); |
130 kadm5_ret_t kadm5_flush(void *server_handle); |
130 /usr/gnu/bin/diff -pur old/src/lib/kadm5/clnt/client_init.c new/src/lib/kadm5/clnt/client_init.c |
131 diff -u -r old/src/lib/kadm5/clnt/client_init.c new/src/lib/kadm5/clnt/client_init.c |
131 --- unpatched/src/lib/kadm5/clnt/client_init.c 2016-03-28 00:19:36.988270188 -0600 |
132 --- old/src/lib/kadm5/clnt/client_init.c 2015-05-28 15:10:45.192975632 -0500 |
132 +++ patched/src/lib/kadm5/clnt/client_init.c 2016-03-28 13:12:43.769371355 -0600 |
133 +++ new/src/lib/kadm5/clnt/client_init.c 2015-06-02 10:33:51.639341637 -0500 |
133 @@ -55,7 +55,7 @@ enum init_type { INIT_PASS, INIT_SKEY, I |
134 @@ -55,7 +55,7 @@ |
134 |
135 |
135 static kadm5_ret_t |
136 static kadm5_ret_t |
136 init_any(krb5_context context, char *client_name, enum init_type init_type, |
137 init_any(krb5_context context, char *client_name, enum init_type init_type, |
137 - char *pass, krb5_ccache ccache_in, char *service_name, |
138 - char *pass, krb5_ccache ccache_in, char *service_name, |
138 + char *pass, krb5_ccache ccache_in, char **service_names, |
139 + char *pass, krb5_ccache ccache_in, char **service_names, |
139 kadm5_config_params *params, krb5_ui_4 struct_version, |
140 kadm5_config_params *params, krb5_ui_4 struct_version, |
140 krb5_ui_4 api_version, char **db_args, void **server_handle); |
141 krb5_ui_4 api_version, char **db_args, void **server_handle); |
141 |
142 |
142 @@ -87,8 +87,25 @@ kadm5_init_with_creds(krb5_context conte |
143 @@ -87,8 +87,25 @@ |
143 krb5_ui_4 api_version, char **db_args, |
144 krb5_ui_4 api_version, char **db_args, |
144 void **server_handle) |
145 void **server_handle) |
145 { |
146 { |
146 + char *svcnames[2]; |
147 + char *svcnames[2]; |
147 + |
148 + |
164 - service_name, params, struct_version, api_version, db_args, |
165 - service_name, params, struct_version, api_version, db_args, |
165 + svcnames, params, struct_version, api_version, db_args, |
166 + svcnames, params, struct_version, api_version, db_args, |
166 server_handle); |
167 server_handle); |
167 } |
168 } |
168 |
169 |
169 @@ -99,7 +116,24 @@ kadm5_init_with_password(krb5_context co |
170 @@ -99,7 +116,24 @@ |
170 krb5_ui_4 api_version, char **db_args, |
171 krb5_ui_4 api_version, char **db_args, |
171 void **server_handle) |
172 void **server_handle) |
172 { |
173 { |
173 - return init_any(context, client_name, INIT_PASS, pass, NULL, service_name, |
174 - return init_any(context, client_name, INIT_PASS, pass, NULL, service_name, |
174 + char *svcnames[2]; |
175 + char *svcnames[2]; |
190 +{ |
191 +{ |
191 + return init_any(context, client_name, INIT_PASS, pass, NULL, svcnames, |
192 + return init_any(context, client_name, INIT_PASS, pass, NULL, svcnames, |
192 params, struct_version, api_version, db_args, |
193 params, struct_version, api_version, db_args, |
193 server_handle); |
194 server_handle); |
194 } |
195 } |
195 @@ -110,8 +144,24 @@ kadm5_init_anonymous(krb5_context contex |
196 @@ -110,8 +144,24 @@ |
196 krb5_ui_4 struct_version, krb5_ui_4 api_version, |
197 krb5_ui_4 struct_version, krb5_ui_4 api_version, |
197 char **db_args, void **server_handle) |
198 char **db_args, void **server_handle) |
198 { |
199 { |
199 + char *svcnames[2]; |
200 + char *svcnames[2]; |
200 + |
201 + |
216 - service_name, params, struct_version, api_version, |
217 - service_name, params, struct_version, api_version, |
217 + svcnames, params, struct_version, api_version, |
218 + svcnames, params, struct_version, api_version, |
218 db_args, server_handle); |
219 db_args, server_handle); |
219 } |
220 } |
220 |
221 |
221 @@ -121,7 +171,23 @@ kadm5_init(krb5_context context, char *c |
222 @@ -121,7 +171,23 @@ |
222 krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, |
223 krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args, |
223 void **server_handle) |
224 void **server_handle) |
224 { |
225 { |
225 - return init_any(context, client_name, INIT_PASS, pass, NULL, service_name, |
226 - return init_any(context, client_name, INIT_PASS, pass, NULL, service_name, |
226 + char *svcnames[2]; |
227 + char *svcnames[2]; |
268 + return init_any(context, client_name, INIT_SKEY, keytab, NULL, |
269 + return init_any(context, client_name, INIT_SKEY, keytab, NULL, |
269 + svcnames, params, struct_version, api_version, db_args, |
270 + svcnames, params, struct_version, api_version, db_args, |
270 server_handle); |
271 server_handle); |
271 } |
272 } |
272 |
273 |
273 @@ -339,7 +422,7 @@ _kadm5_initialize_rpcsec_gss_handle(kadm |
274 @@ -338,7 +421,7 @@ |
274 } |
275 } |
275 |
276 |
276 /* |
277 /* |
277 - * iprop fallback logic: |
278 - * iprop fallback logic: |
278 + * iprop fallback logic: |
279 + * iprop fallback logic: |
279 * - if iprop_port is configured, connect to iprop_port |
280 * - if iprop_port is configured, connect to iprop_port |
280 * - if not, query remote rpc/bind |
281 * - if not, query remote rpc/bind |
281 * - if that fails, try consuming iprop service on kadmin port |
282 * - if that fails, try consuming iprop service on kadmin port |
282 @@ -512,9 +595,35 @@ cleanup: |
283 @@ -506,9 +589,35 @@ |
283 return (code); |
284 return (code); |
284 } |
285 } |
285 |
286 |
286 +/* utility function used below */ |
287 +/* utility function used below */ |
287 +static void |
288 +static void |
314 - char *pass, krb5_ccache ccache_in, char *svcname, |
315 - char *pass, krb5_ccache ccache_in, char *svcname, |
315 + char *pass, krb5_ccache ccache_in, char **svcnames_in, |
316 + char *pass, krb5_ccache ccache_in, char **svcnames_in, |
316 kadm5_config_params *params_in, krb5_ui_4 struct_version, |
317 kadm5_config_params *params_in, krb5_ui_4 struct_version, |
317 krb5_ui_4 api_version, char **db_args, void **server_handle) |
318 krb5_ui_4 api_version, char **db_args, void **server_handle) |
318 { |
319 { |
319 @@ -532,6 +641,10 @@ init_any(krb5_context context, char *cli |
320 @@ -526,6 +635,10 @@ |
320 |
321 |
321 int code = 0; |
322 int code = 0; |
322 generic_ret *r; |
323 generic_ret *r; |
323 + char **kadmin_srv_names = NULL; |
324 + char **kadmin_srv_names = NULL; |
324 + char *tmp_srv_names[2] = {NULL, NULL}; |
325 + char *tmp_srv_names[2] = {NULL, NULL}; |
325 + char **svcname_ptr; |
326 + char **svcname_ptr; |
326 + int i; |
327 + int i; |
327 |
328 |
328 initialize_ovk_error_table(); |
329 initialize_ovk_error_table(); |
329 /* initialize_adb_error_table(); */ |
330 /* initialize_adb_error_table(); */ |
330 @@ -599,34 +712,56 @@ init_any(krb5_context context, char *cli |
331 @@ -593,34 +706,56 @@ |
331 if (code) |
332 if (code) |
332 goto error; |
333 goto error; |
333 |
334 |
334 - /* NULL svcname means use host-based. */ |
335 - /* NULL svcname means use host-based. */ |
335 - if (svcname == NULL) { |
336 - if (svcname == NULL) { |
404 - } |
405 - } |
405 - |
406 - |
406 *server_handle = (void *) handle; |
407 *server_handle = (void *) handle; |
407 |
408 |
408 goto cleanup; |
409 goto cleanup; |
409 @@ -659,6 +794,8 @@ cleanup: |
410 @@ -653,6 +788,8 @@ |
410 krb5_free_principal(handle->context, server); |
411 krb5_free_principal(handle->context, server); |
411 if (code) |
412 if (code) |
412 free(handle); |
413 free(handle); |
413 + free_srv_names(kadmin_srv_names); |
414 + free_srv_names(kadmin_srv_names); |
414 + free(tmp_srv_names[0]); |
415 + free(tmp_srv_names[0]); |
415 |
416 |
416 return code; |
417 return code; |
417 } |
418 } |
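Review bot: `free(tmp_srv_names[0])` in the cleanup path is safe only if that slot is always NULL or a heap string that init_any allocated itself, and the assignment is outside this hunk so that cannot be confirmed here. If the slot can hold a pointer borrowed from `svcnames_in`, or one that is also stored in `kadmin_srv_names`, then this line together with `free_srv_names(kadmin_srv_names)` would free caller-owned memory or release the same string twice. I would state the ownership rule in a comment directly above the two frees, e.g. `/* tmp_srv_names[0] is owned here and never aliases kadmin_srv_names[] or svcnames_in[] */`, adjusted to whatever the elided code actually does. init_any's body starts before this hunk.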
418 @@ -671,46 +808,43 @@ get_init_creds(kadm5_server_handle_t han |
419 @@ -665,46 +802,43 @@ |
419 { |
420 { |
420 kadm5_ret_t code; |
421 kadm5_ret_t code; |
421 krb5_ccache ccache = NULL; |
422 krb5_ccache ccache = NULL; |
422 - krb5_principal cprinc; |
423 - krb5_principal cprinc; |
423 char svcbuf[BUFSIZ], *service, *host, *svcname, *save; |
424 char svcbuf[BUFSIZ], *service, *host, *svcname, *save; |
491 } |
492 } |
492 - free(svcname); |
493 - free(svcname); |
493 |
494 |
494 /* |
495 /* |
495 * Acquire a service ticket for svcname@realm for client, using password |
496 * Acquire a service ticket for svcname@realm for client, using password |
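Review bot: Dropping `free(svcname)` here while the later `gic_iter` call now takes `svcname` instead of `svcbuf` means the string must stay alive until that call returns, and its release has to move to a point after it on both the success and the failure path. No replacement `free(svcname)` appears in the lines shown for get_init_creds, so if `svcname` is still heap-allocated in the elided part of this hunk it would leak on each call. I would release it at the function's common exit with `free(svcname);` and initialise it to NULL at its declaration so that early exits are safe. The body of get_init_creds continues outside this hunk.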
496 @@ -747,7 +881,7 @@ get_init_creds(kadm5_server_handle_t han |
497 @@ -741,7 +875,7 @@ |
497 } |
498 } |
498 handle->lhandle->cache_name = handle->cache_name; |
499 handle->lhandle->cache_name = handle->cache_name; |
499 |
500 |
500 - code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm, |
501 - code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm, |
501 + code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm, |
502 + code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm, |