
List:       krb5-bugs
Subject:    [krbdev.mit.edu #6516] Re: Reading kerberos-adm from DNS (PATCH)
From:       "megacz () cs ! berkeley ! edu via RT" <rt-comment () krbdev ! mit ! edu>
Date:       2009-06-21 17:42:06
Message-ID: rt-6516-31446.13.9624551363702 () krbdev ! mit ! edu

The following message is a courtesy copy of an article
that has been posted to
gmane.comp.encryption.kerberos.general,gmane.comp.encryption.kerberos.devel as well.


It seems that this patch didn't wind up in the recent kerberos
release.  Do you think somebody could review it for inclusion soon, so
that it has a chance of making it into the next release?  If any
changes need to be made, please let me know and I will make them.

Thanks!

  - a

Ken Raeburn <raeburn@mit.edu> writes:
> Sure. :)
> At first glance it looks good, but I want to have a closer look  
> before committing it (unless someone else gets to it first).  Thanks  
> for sending it in!
> 
> Adam Megacz <megacz@cs.berkeley.edu> writes:
> > Hi, would it be possible for the Kerberos maintainers to consider the
> > patch below for inclusion in the main libkadm5 distribution?
> > 
> > - a
> > 
> > Adam Megacz <megacz@cs.berkeley.edu> writes:
> > > Ken Raeburn <raeburn@mit.edu> writes:
> > > > > I believe the future has already arrived.  Current MIT code should
> > > > > be capable of finding and using records like this:
> > > > > 
> > > > > 	spam% dig _kerberos-adm._tcp.umich.edu srv
> > > > 
> > > > This is used for the password-changing service, but unfortunately the  
> > > > RPC code used for the kadmin program still looks up admin_server, and  
> > > > uses the first IP address found when looking up that hostname.  No  
> > > > DNS, one hostname, one address, no service-location plugin support,  
> > > > no IPv6.  These do need to be fixed....
> > > 
> > > This should help.
> > > 
> > > - a
> > > 
> > > 
> > > diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
> > > index bb87f88..48b1792 100644
> > > --- a/src/lib/kadm5/alt_prof.c
> > > +++ b/src/lib/kadm5/alt_prof.c
> > > @@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, \
> > > kdcprofile, kdcenv,  params.admin_server = strdup(params_in->admin_server);
> > > 	 if (params.admin_server)
> > > 	      params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> > > -    } else if (aprofile &&
> > > -	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
> > > -	 params.admin_server = svalue;
> > > -	 params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> > > +    } else if (aprofile) {
> > > +      if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
> > > +        params.admin_server = svalue;
> > > +        params.mask |= KADM5_CONFIG_ADMIN_SERVER;
> > > +      } else {
> > > +        struct addrlist addrlist;
> > > +        int i;
> > > +        krb5_data drealm;
> > > +        drealm.data   = (void*)params.realm;
> > > +        drealm.length = strlen(params.realm);
> > > +	if (!krb5int_locate_server(context, &drealm, &addrlist, 0,
> > > +                                   "admin_server", "_kerberos-adm", 1,
> > > +                                   DEFAULT_KPASSWD_PORT, 0, 0)) {
> > > +          for (i=0;i<addrlist.naddrs;i++ ) {
> > > +            struct addrinfo *a = addrlist.addrs[i];
> > > +            if (a->ai_family == AF_INET) {
> > > +              params.admin_server  = \
> > > strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr)); +              \
> > > params.kadmind_port  = ntohs(sa2sin (a->ai_addr)->sin_port); +              \
> > > params.mask |= KADM5_CONFIG_ADMIN_SERVER; +              params.mask |= \
> > > KADM5_CONFIG_KADMIND_PORT; +              break;
> > > +            }
> > > +          }
> > > +        }
> > > +      }
> > > }
> > > if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
> > > 	 char *p;
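
Review bot: In the added `else` branch, the `krb5int_locate_server` call is given `DEFAULT_KPASSWD_PORT` as its default port although the result is written to `params.kadmind_port`; pass the kadmind default port instead, so that an entry without an explicit port does not send kadmin to the password-change port. In the loop, the `strdup(inet_ntoa(...))` result is not checked before `KADM5_CONFIG_ADMIN_SERVER` is set, unlike the `if (params.admin_server)` test in the context lines just above, and nothing in the hunk releases `addrlist` once the loop finishes. The loop accepts only `AF_INET` entries and stores a numeric address in `admin_server`, so the IPv6 limitation raised earlier in the thread remains and an IPv6-only target is skipped silently; a comment saying so would help. Because the server address now comes from a DNS answer rather than the profile, the new fallback also deserves a note in the documentation, and the DNS path is only reached when `aprofile` is non-NULL, which looks unintended.
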
> > > 
> > > ________________________________________________
> > > Kerberos mailing list           Kerberos@mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > > 
> > 
> > -- 
> > 
> > 
> 
> -- 
> 

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

