[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-274-g2355d
|
From: |
Mats Erik Andersson |
|
Subject: |
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-274-g2355ddb |
|
Date: |
Wed, 17 Apr 2013 15:16:34 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".
The branch, master has been updated
via 2355ddbc4af9a0f6c6f92833763b32fb05d56633 (commit)
via af67ee310bc21e8196be2f66b7269a3f394cb129 (commit)
from 5d83e7c8c1c96de49972fd0d8dd687a64da0af09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2355ddbc4af9a0f6c6f92833763b32fb05d56633
commit 2355ddbc4af9a0f6c6f92833763b32fb05d56633
Author: Mats Erik Andersson <address@hidden>
Date: Wed Apr 17 16:43:26 2013 +0200
rlogind, rshd: Set realm with Kerberos5.
diff --git a/ChangeLog b/ChangeLog
index 17a6f49..ff5cfad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2013-04-17 Mats Erik Andersson <address@hidden>
+
+ rlogind, rshd: Set realm with Kerberos5.
+
+ * src/rlogind.c (do_krb5_login) [KRB5}: Declare SERVER
+ with larger scope. If `servername' has content, then
+ call krb5_set_default_realm() with supporting code.
+ * src/rshd.c (doit) [KRB5] <use_kerberos>: Likewise.
+
2013-04-15 Mats Erik Andersson <address@hidden>
* src/rlogind.c (parse_opt) [KERBEROS || SHISHI]
diff --git a/src/rlogind.c b/src/rlogind.c
index 2fd1239..066679d 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -1456,6 +1456,7 @@ do_krb5_login (int infd, struct auth_data *ap, const char
**err_msg)
krb5_data inbuf;
krb5_data version;
krb5_authenticator *authenticator;
+ krb5_principal server;
krb5_rcache rcache;
krb5_keyblock *key;
krb5_ticket *ticket;
@@ -1472,6 +1473,31 @@ do_krb5_login (int infd, struct auth_data *ap, const
char **err_msg)
return status;
}
+ if (servername && *servername)
+ {
+ status = krb5_parse_name (ap->context, servername, &server);
+ if (status)
+ {
+ syslog (LOG_ERR, "Invalid principal '%s': %s",
+ servername, error_message (status));
+ return status;
+ }
+
+ /* A realm name missing in `servername' has been augmented
+ * by krb5_parse_name(), so setting it is always harmless.
+ */
+ status = krb5_set_default_realm (ap->context,
+ krb5_princ_realm (ap->context,
+ server)->data);
+ krb5_free_principal (ap->context, server);
+ if (status)
+ {
+ syslog (LOG_ERR, "Setting krb5 realm: %s",
+ error_message (status));
+ return status;
+ }
+ }
+
if ((status = krb5_auth_con_init (ap->context, &auth_ctx))
|| (status = krb5_auth_con_genaddrs (ap->context, auth_ctx, infd,
KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR))
@@ -1480,8 +1506,6 @@ do_krb5_login (int infd, struct auth_data *ap, const char
**err_msg)
if (!rcache)
{
- krb5_principal server;
-
status = krb5_sname_to_principal (ap->context, 0, 0, KRB5_NT_SRV_HST,
&server);
if (status)
diff --git a/src/rshd.c b/src/rshd.c
index 5e0b54a..6941b16 100644
--- a/src/rshd.c
+++ b/src/rshd.c
@@ -864,8 +864,27 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t
fromlen)
#elif defined KRB5
if (use_kerberos)
{
+ krb5_principal server;
+
/* Set up context data. */
rc = krb5_init_context (&context);
+
+ if (!rc && servername && *servername)
+ {
+ rc = krb5_parse_name (context, servername, &server);
+
+ /* A realm name missing in `servername' has been augmented
+ * by krb5_parse_name(), so setting it again is harmless.
+ */
+ if (!rc)
+ {
+ rc = krb5_set_default_realm (context,
+ krb5_princ_realm
+ (context, server)->data);
+ krb5_free_principal (context, server);
+ }
+ }
+
if (!rc)
rc = krb5_auth_con_init (context, &auth_ctx);
if (!rc)
@@ -876,8 +895,6 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen)
if (!rc && !rcache)
{
- krb5_principal server;
-
rc = krb5_sname_to_principal (context, 0, 0,
KRB5_NT_SRV_HST, &server);
if (!rc)
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=af67ee310bc21e8196be2f66b7269a3f394cb129
commit af67ee310bc21e8196be2f66b7269a3f394cb129
Author: Mats Erik Andersson <address@hidden>
Date: Tue Apr 16 11:35:59 2013 +0200
rlogind: Side stepped error message.
diff --git a/ChangeLog b/ChangeLog
index e2360a4..17a6f49 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2013-04-15 Mats Erik Andersson <address@hidden>
+
+ * src/rlogind.c (parse_opt) [KERBEROS || SHISHI]
+ <'k'>: Remove unused code checking `arg'.
+ (do_krb_login) [KRB5]: Remove `else', which prevents
+ later error message extraction.
+ [SHISHI]: Likewise.
+
2013-04-11 Mats Erik Andersson <address@hidden>
Working distcheck target.
diff --git a/src/rlogind.c b/src/rlogind.c
index 4772026..2fd1239 100644
--- a/src/rlogind.c
+++ b/src/rlogind.c
@@ -532,15 +532,7 @@ parse_opt (int key, char *arg,
#if defined KERBEROS || defined SHISHI
case 'k':
- if (arg)
- {
- if (*arg == '4')
- kerberos = AUTH_KERBEROS_4;
- else if (*arg == '5')
- kerberos = AUTH_KERBEROS_5;
- }
- else
- kerberos = AUTH_KERBEROS_DEFAULT;
+ kerberos = AUTH_KERBEROS_DEFAULT;
break;
case 'S':
@@ -1365,11 +1357,9 @@ do_krb_login (int infd, struct auth_data *ap, const char
**err_msg)
# if defined KRB5
if (kerberos == AUTH_KERBEROS_5)
rc = do_krb5_login (infd, ap, err_msg);
- else
# elif defined SHISHI
if (kerberos == AUTH_KERBEROS_SHISHI)
rc = do_shishi_login (infd, ap, err_msg);
- else
# else
rc = do_krb4_login (infd, ap, err_msg);
# endif
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 17 +++++++++++++++++
src/rlogind.c | 40 +++++++++++++++++++++++++++-------------
src/rshd.c | 21 +++++++++++++++++++--
3 files changed, 63 insertions(+), 15 deletions(-)
hooks/post-receive
--
GNU Inetutils
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-274-g2355ddb,
Mats Erik Andersson <=