}
memset((char *)&creds, 0, sizeof(creds));
+ printf("calling krb5_sname_to_principal\n");
if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName,
"host", KRB5_NT_SRV_HST,
&creds.server))) {
printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
return(0);
}
+ printf("done calling krb5_sname_to_principal\n");
if (telnet_krb5_realm != NULL) {
krb5_data rdata;
client = in_cred->client;
server = in_cred->server;
+ amb_dump_principal("krb5_get_cred_from_kdc_opt client", client);
+ amb_dump_principal("krb5_get_cred_from_kdc_opt server", server);
memset(&cc_tgt, 0, sizeof(cc_tgt));
memset(&tgtq, 0, sizeof(tgtq));
tgtptr = NULL;
* characters in the principal name.
*/
+
#include "k5-int.h"
/*
krb5_principal principal;
krb5_error_code retval;
+ printf("krb5_parse_name called on %s\n",name);
/*
* Pass 1. Find out how many components there are to the name,
* and get string sizes for the first FCOMPNUM components.
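Review bot: The added `printf("krb5_parse_name called on %s\n",name);` is unconditional tracing in library code, so every program linked against this library writes the principal string to its stdout. Where stdout is a terminal session or a network socket, that text lands in the data stream and discloses principal and host names to whoever reads it; the telnet client patched on this page prints to stdout as well. The same applies to the other added printf and amb_dump_principal calls in the krb5_walk_realm_tree, get_host_realm and krb5_sname_to_principal hunks. I would put all of them behind a compile-time debug switch that is off by default and send them to stderr, e.g. `fprintf(stderr, "krb5_parse_name called on %s\n", name);`. krb5_parse_name starts and ends outside this hunk.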
principal->magic = KV5M_PRINCIPAL;
principal->realm.magic = KV5M_DATA;
*nprincipal = principal;
+ amb_dump_principal("krb5_parse_name",principal);
+
krb5_xfree(default_realm);
+ printf("end of krb5_parse_name()\n");
return(0);
}
+void amb_dump_principal(char *d, krb5_principal p)
+{
+ int n;
+
+ printf(" **dumping principal from %s\n",d);
+ printf(" principal realm: <%s>\n",p->realm.data);
+ printf(" principal length is %d\n",p->length);
+ for (n=0;n<p->length;n++)
+ printf(" principal data[%d]: %s\n",n,p->data[n].data);
+ printf(" principal type is %d\n",p->type);
+}
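Review bot: amb_dump_principal prints `p->realm.data` and `p->data[n].data` with a bare `%s`, but these are krb5_data fields that carry their own length and are not guaranteed to be NUL-terminated, so printf can read past the end of the buffer. Bounding each print by the field's length and rejecting a NULL `p` up front avoids the over-read; callers on this page pass principals from several sources (`in_cred->client`, `tree[i]`, `*ret_princ`). The function is also added without `static` and with no prototype visible on this page, so callers in other files presumably rely on an implicit declaration; it needs a declaration in a shared internal header.

```c
void amb_dump_principal(char *d, krb5_principal p)
{
    int n;

    if (p == NULL) {
        printf(" **dumping principal from %s: NULL principal\n", d);
        return;
    }
    /* ... unchanged: "dumping principal from" banner ... */
    printf(" principal realm: <%.*s>\n",
           (int) p->realm.length, p->realm.data);
    /* ... unchanged: component count line ... */
    for (n = 0; n < p->length; n++)
        printf(" principal data[%d]: %.*s\n", n,
               (int) p->data[n].length, p->data[n].data);
    /* ... unchanged: principal type line ... */
}
```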
* in order to get from the source realm to the destination realm. It
* takes a realm separater character (normally ., but presumably there
* for all those X.500 realms) . There are two modes it runs in: the
- * ANL krb5.confmode and the hierarchy mode. The ANL mode is
+ * ANL krb5.conf mode and the hierarchy mode. The ANL mode is
* fairly obvious. The hierarchy mode looks for common components in
* both the client and server realms. In general, the pointer scp and
* ccp are used to walk through the client and server realms. The
char **cap_nodes;
krb5_error_code cap_code;
#endif
+
+ printf("krb5_walk_realm_tree starting\n");
+ printf("client is %s\n",client->data);
+ printf("server is %s\n",server->data);
+ printf("tree is:\n");
+ for(i=0;tree[i];i++)
+ amb_dump_principal("krb5_walk_realm_tree tree",tree[i]);
+
if (!(client->data &&server->data))
return KRB5_NO_TKT_IN_RLM;
#ifdef CONFIGURABLE_AUTHENTICATION_PATH
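Review bot: `client->data` and `server->data` are passed to `%s` in the added printf calls before the existing `if (!(client->data &&server->data))` guard just below, so the very case that guard handles now reaches printf with a NULL string first, which is undefined behaviour. The same ordering appears in the get_host_realm hunk, where `host` is printed before `if (host)`, and in the krb5_sname_to_principal hunk, where `hrealms[0]` is printed before `if (!hrealms[0])`. Move each trace below its guard or print a placeholder, e.g. `printf("client is %s\n", client->data ? client->data : "(null)");`. The body of krb5_walk_realm_tree continues outside this hunk.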
}
#endif
*tree = rettree;
+
+ printf("krb5_walk_realm_tree ending\n");
+ printf("client is %s\n",client->data);
+ printf("server is %s\n",server->data);
+ printf("tree is:\n");
+ for(i=0;tree[i];i++)
+ amb_dump_principal("krb5_walk_realm_tree tree",tree[i]);
return 0;
}
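Review bot: The added loop indexes `tree[i]`, but `tree` is the output parameter that was just written with `*tree = rettree;`, so `tree[0]` is the whole array pointer and `tree[1]` is already outside the caller's variable. The loop should walk the returned array instead: `for (i = 0; (*tree)[i]; i++) amb_dump_principal("krb5_walk_realm_tree tree", (*tree)[i]);`. The identical loop added at function entry (the "krb5_walk_realm_tree starting" block) has the same indexing problem and also runs before `*tree` is assigned in any visible line, so it should be dropped rather than fixed.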
int l;
char local_host[MAXDNAME+1];
+ printf("get_host_realm(host:%s) called\n",host);
+
if (host) {
/* Filter out numeric addresses if the caller utterly failed to
convert them to names. */
*/
cp = local_host;
+ printf(" local_host: %s\n",local_host);
realm = default_realm = (char *)NULL;
temp_realm = 0;
while (cp) {
+ printf(" trying to look up %s in the domain_realm map\n",cp);
retval = profile_get_string(context->profile, "domain_realm", cp,
0, (char *)NULL, &temp_realm);
if (retval)
cp = strchr(cp, '.');
}
}
+ printf(" done searching the domain_realm map\n");
if (temp_realm) {
+ printf(" temp_realm is %s\n",temp_realm);
realm = malloc(strlen(temp_realm) + 1);
if (!realm) {
profile_release_string(temp_realm);
profile_release_string(temp_realm);
}
-#ifdef KRB5_DNS_LOOKUP
if (realm == (char *)NULL) {
- int use_dns = _krb5_use_dns_realm(context);
- if ( use_dns ) {
- /*
- * Since this didn't appear in our config file, try looking
- * it up via DNS. Look for a TXT records of the form:
- *
- * _kerberos.<hostname>
- *
- */
- cp = local_host;
- do {
- retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
- cp = strchr(cp,'.');
- if (cp)
- cp++;
- } while (retval && cp && cp[0]);
- }
- }
-#endif /* KRB5_DNS_LOOKUP */
- if (realm == (char *)NULL) {
- if (default_realm != (char *)NULL) {
- /* We are defaulting to the realm of the host */
- if (!(cp = (char *)malloc(strlen(default_realm)+1)))
- return ENOMEM;
- strcpy(cp, default_realm);
- realm = cp;
-
- /* Assume the realm name is upper case */
- for (cp = realm; *cp; cp++)
- if (islower((unsigned char) (*cp)))
- *cp = toupper((unsigned char) *cp);
- } else {
- /* We are defaulting to the local realm */
- retval = krb5_get_default_realm(context, &realm);
- if (retval) {
- return retval;
- }
- }
+ if (!(cp = (char *)malloc(strlen(KRB5_REFERRAL_REALM)+1)))
+ return ENOMEM;
+ strcpy(cp, KRB5_REFERRAL_REALM);
+ realm = cp;
}
+
if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
if (realm != (char *)NULL)
free(realm);
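Review bot: With the DNS TXT lookup and the default-realm fallback both deleted, every host without a `domain_realm` entry now gets `KRB5_REFERRAL_REALM` back, and nothing in the new branch says that the returned string may be a placeholder rather than a real realm name. Callers that compare or log the realm, or use it to decide which KDC to contact, need to know that realm selection is now left to the KDC. A comment above the new branch would cover it, e.g. `/* No domain_realm mapping: return the referral realm and let the KDC choose. */`. `default_realm`, still initialised earlier in the function, does not appear to be read any more in the visible lines; the function's start is outside this hunk.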
register char *cp;
char localname[MAXHOSTNAMELEN];
+ FILE *log;
+
+ printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type);
+ printf(" name types: 0=unknown, 3=srv_host\n");
if ((type == KRB5_NT_UNKNOWN) ||
(type == KRB5_NT_SRV_HST)) {
try_getaddrinfo_again:
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
+ printf("probably punting due to bad hostname of %s\n",hostname);
if (hints.ai_family == AF_INET) {
/* Just in case it's an IPv6-only name. */
hints.ai_family = 0;
}
if (!remote_host)
return ENOMEM;
+ printf(" hostname <%s> after rdns processing\n",remote_host); /* XXX */
if (type == KRB5_NT_SRV_HST)
for (cp = remote_host; *cp; cp++)
if (isupper((unsigned char) (*cp)))
*cp = tolower((unsigned char) (*cp));
+ printf(" hostname <%s> after case folding\n",remote_host); /* XXX */
/*
* Windows NT5's broken resolver gratuitously tacks on a
free(remote_host);
return retval;
}
+
+ printf(" realm <%s> after krb5_get_host_realm\n",hrealms[0]);
+
if (!hrealms[0]) {
free(remote_host);
krb5_xfree(hrealms);
krb5_princ_type(context, *ret_princ) = type;
+ printf("krb5_sname_to_principal returning\n");
+ printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
+ realm,sname,remote_host);
+ amb_dump_principal("krb5_sname_to_principal",*ret_princ);
+
free(remote_host);
krb5_free_host_realm(context, hrealms);