From: Andrew Boardman Date: Mon, 7 Aug 2006 21:54:51 +0000 (+0000) Subject: Merge of old development work for referrals. Also includes a X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31009f4948e73ee95138f3296a93414592b5966e;p=thirdparty%2Fkrb5.git Merge of old development work for referrals. Also includes a great deal of debugging code for eventual removal. git-svn-id: svn://anonsvn.mit.edu/krb5/users/amb/referrals@18416 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 958a4ce4a6..9761f6dd99 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -249,6 +249,7 @@ kerberos5_send(ap)
 }
 memset((char *)&creds, 0, sizeof(creds));
+ printf("calling krb5_sname_to_principal\n");
 if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host", KRB5_NT_SRV_HST, &creds.server))) {
@@ -256,6 +257,7 @@ kerberos5_send(ap)
 printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
 return(0);
 }
+ printf("done calling krb5_sname_to_principal\n");
 if (telnet_krb5_realm != NULL) {
 krb5_data rdata;
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index 807b81a86d..edeb3c317e 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -768,6 +768,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
 client = in_cred->client;
 server = in_cred->server;
+ amb_dump_principal("krb5_get_cred_from_kdc_opt client", client);
+ amb_dump_principal("krb5_get_cred_from_kdc_opt server", server);
 memset(&cc_tgt, 0, sizeof(cc_tgt));
 memset(&tgtq, 0, sizeof(tgtq));
 tgtptr = NULL;
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index cd23d14d17..a4638d638e 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -30,6 +30,7 @@
 * characters in the principal name.
 */
+
 #include "k5-int.h"
 /*
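Review bot: The two trace lines added to `kerberos5_send` in kerberos5.c (the hunk at -249 and the one at -256) are unconditional and end in a bare `\n`, whereas the existing error message visible in the second hunk ends in `\r\n`. Every Kerberos-authenticated telnet session would then show them, and the line-ending mismatch suggests the output is not meant for the terminal state the neighbouring code assumes. If they must stay for now, match the neighbouring convention, `printf("calling krb5_sname_to_principal\r\n");`, and put both behind the client's existing debug switch. The body of `kerberos5_send` starts and ends outside both hunks.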
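Review bot: In gc_frm_kdc.c the two `amb_dump_principal` calls in `krb5_get_cred_from_kdc_opt` write the client and server principal names to stdout from inside libkrb5, with no compile-time or run-time switch. A library cannot assume stdout is a terminal: in a service started with its network socket on stdout this text would presumably end up in the protocol stream and disclose principal and realm names to the peer. The same holds for the unguarded `printf` and `amb_dump_principal` lines added in parse.c, walk_rtree.c, hst_realm.c and sn2princ.c. No prototype for `amb_dump_principal` is added anywhere in this diff, so unless a header outside the diff declares it, this call relies on an implicit declaration. I would put all of these behind one guard, `#ifdef DEBUG_REFERRALS` ... `#endif` (macro name is a placeholder), and send the text to `stderr`.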
@@ -79,6 +80,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
 krb5_principal principal;
 krb5_error_code retval;
+ printf("krb5_parse_name called on %s\n",name);
 /*
 * Pass 1. Find out how many components there are to the name,
 * and get string sizes for the first FCOMPNUM components.
@@ -278,8 +280,22 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip
 principal->magic = KV5M_PRINCIPAL;
 principal->realm.magic = KV5M_DATA;
 *nprincipal = principal;
+ amb_dump_principal("krb5_parse_name",principal);
+ krb5_xfree(default_realm);
+ printf("end of krb5_parse_name()\n");
 return(0);
 }
+void amb_dump_principal(char *d, krb5_principal p)
+{
+ int n;
+
+ printf(" **dumping principal from %s\n",d);
+ printf(" principal realm: <%s>\n",p->realm.data);
+ printf(" principal length is %d\n",p->length);
+ for (n=0;nlength;n++)
+ printf(" principal data[%d]: %s\n",n,p->data[n].data);
+ printf(" principal type is %d\n",p->type);
+}
diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index 074c7e1d07..933a12e738 100644
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -102,7 +102,7 @@
 * in order to get from the source realm to the destination realm. It
 * takes a realm separater character (normally ., but presumably there
 * for all those X.500 realms) . There are two modes it runs in: the
- * ANL krb5.confmode and the hierarchy mode. The ANL mode is
+ * ANL krb5.conf mode and the hierarchy mode. The ANL mode is
 * fairly obvious. The hierarchy mode looks for common components in
 * both the client and server realms. In general, the pointer scp and
 * ccp are used to walk through the client and server realms. The
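Review bot: `amb_dump_principal`, added at the end of parse.c, prints `p->realm.data` and `p->data[n].data` with `%s`, but a `krb5_data` is length-counted and nothing in the hunk guarantees a terminating NUL, so the dump can read past the buffer for principals built elsewhere (decoded from the wire, for example). Bound each print by the stored length, e.g. `printf(" principal realm: <%.*s>\n", (int)p->realm.length, p->realm.data);` and likewise for `p->data[n]`, and take `const char *d`, since every caller in this diff passes a string literal. The loop condition shows on the page as `nlength`, presumably `n<p->length` damaged in rendering. Separately, the added `krb5_xfree(default_realm);` sits only on the success path of `krb5_parse_name`; the declaration of `default_realm` and the error returns are outside the hunk, so please confirm it is not static or otherwise reused across calls and that the failure paths release it too.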
@@ -133,6 +133,14 @@ krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_d
 char **cap_nodes;
 krb5_error_code cap_code;
 #endif
+
+ printf("krb5_walk_realm_tree starting\n");
+ printf("client is %s\n",client->data);
+ printf("server is %s\n",server->data);
+ printf("tree is:\n");
+ for(i=0;tree[i];i++)
+ amb_dump_principal("krb5_walk_realm_tree tree",tree[i]);
+
 if (!(client->data &&server->data))
 return KRB5_NO_TKT_IN_RLM;
 #ifdef CONFIGURABLE_AUTHENTICATION_PATH
@@ -380,5 +388,12 @@ krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_d
 }
 #endif
 *tree = rettree;
+
+ printf("krb5_walk_realm_tree ending\n");
+ printf("client is %s\n",client->data);
+ printf("server is %s\n",server->data);
+ printf("tree is:\n");
+ for(i=0;tree[i];i++)
+ amb_dump_principal("krb5_walk_realm_tree tree",tree[i]);
 return 0;
 }
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 17b1e42c49..7b1c94f602 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -201,6 +201,8 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 int l;
 char local_host[MAXDNAME+1];
+ printf("get_host_realm(host:%s) called\n",host);
+
 if (host) {
 /* Filter out numeric addresses if the caller utterly failed to convert them to names. */
@@ -256,9 +258,11 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 */
 cp = local_host;
+ printf(" local_host: %s\n",local_host);
 realm = default_realm = (char *)NULL;
 temp_realm = 0;
 while (cp) {
+ printf(" trying to look up %s in the domain_realm map\n",cp);
 retval = profile_get_string(context->profile, "domain_realm", cp, 0, (char *)NULL, &temp_realm);
 if (retval)
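Review bot: The dump loop added at the top of `krb5_walk_realm_tree` (walk_rtree.c, hunk at -133) reads `tree[i]` before the function has produced anything: the -380 hunk shows the result is only stored by `*tree = rettree;`, so `tree` is the caller's out-parameter and what it points to at entry is not yet set. The copy of the loop in the -380 hunk runs after that assignment but still indexes `tree` rather than the array just stored; assuming `rettree` is NULL-terminated it should read `for (i = 0; (*tree)[i]; i++) amb_dump_principal("krb5_walk_realm_tree tree", (*tree)[i]);`, and the entry-side loop should be removed. The `client->data` and `server->data` prints in the -133 hunk also sit above the existing `if (!(client->data &&server->data))` check, so a NULL `data` reaches `%s`; move them below it. The parameter list is truncated in the hunk header, so the type of `tree` is inferred from the `*tree = rettree;` line.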
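Review bot: In hst_realm.c (hunk at -201) the added `printf("get_host_realm(host:%s) called\n",host);` runs before the existing `if (host) {` test, so `krb5_get_host_realm` evidently accepts a NULL `host` and this line then hands NULL to `%s`, which is undefined behaviour. If the trace stays, print `host ? host : "(null)"` or move it inside the branch. The function body continues outside the hunk.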
@@ -277,7 +281,9 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 cp = strchr(cp, '.');
 }
 }
+ printf(" done searching the domain_realm map\n");
 if (temp_realm) {
+ printf(" temp_realm is %s\n",temp_realm);
 realm = malloc(strlen(temp_realm) + 1);
 if (!realm) {
 profile_release_string(temp_realm);
@@ -287,47 +293,13 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 profile_release_string(temp_realm);
 }
-#ifdef KRB5_DNS_LOOKUP
 if (realm == (char *)NULL) {
- int use_dns = _krb5_use_dns_realm(context);
- if ( use_dns ) {
- /*
- * Since this didn't appear in our config file, try looking
- * it up via DNS. Look for a TXT records of the form:
- *
- * _kerberos.
- *
- */
- cp = local_host;
- do {
- retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
- cp = strchr(cp,'.');
- if (cp)
- cp++;
- } while (retval && cp && cp[0]);
- }
- }
-#endif /* KRB5_DNS_LOOKUP */
- if (realm == (char *)NULL) {
- if (default_realm != (char *)NULL) {
- /* We are defaulting to the realm of the host */
- if (!(cp = (char *)malloc(strlen(default_realm)+1)))
- return ENOMEM;
- strcpy(cp, default_realm);
- realm = cp;
-
- /* Assume the realm name is upper case */
- for (cp = realm; *cp; cp++)
- if (islower((unsigned char) (*cp)))
- *cp = toupper((unsigned char) *cp);
- } else {
- /* We are defaulting to the local realm */
- retval = krb5_get_default_realm(context, &realm);
- if (retval) {
- return retval;
- }
- }
+ if (!(cp = (char *)malloc(strlen(KRB5_REFERRAL_REALM)+1)))
+ return ENOMEM;
+ strcpy(cp, KRB5_REFERRAL_REALM);
+ realm = cp;
 }
+
 if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
 if (realm != (char *)NULL)
 free(realm);
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index 2ba7e8ae2a..18585f915c 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
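Review bot: The rewritten fallback in `krb5_get_host_realm` (hst_realm.c, hunk at -287) returns `KRB5_REFERRAL_REALM` for every host without a `domain_realm` match, replacing the DNS TXT lookup, the host-domain guess and `krb5_get_default_realm` in one step. That changes the function's contract for every caller, not only the client path that can follow a KDC referral: a caller that treats the result as a concrete realm (sn2princ.c in this diff appears to feed `hrealms[0]` into the principal it builds) now receives the placeholder instead. The header comment is outside the hunk; it should state the new behaviour, e.g. `/* If no domain_realm entry matches, the single realm returned is KRB5_REFERRAL_REALM; callers must resolve it via referral or substitute their own default. */`. `default_realm` is still initialised in the context line `realm = default_realm = (char *)NULL;` of the -256 hunk but is no longer read here, so it looks dead after this change.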
@@ -68,6 +68,10 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 register char *cp;
 char localname[MAXHOSTNAMELEN];
+ FILE *log;
+
+ printf("krb5_sname_to_principal(host=%s, sname=%s, type=%d)\n",hostname,sname,type);
+ printf(" name types: 0=unknown, 3=srv_host\n");
 if ((type == KRB5_NT_UNKNOWN) || (type == KRB5_NT_SRV_HST)) {
@@ -105,6 +109,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 try_getaddrinfo_again:
 err = getaddrinfo(hostname, 0, &hints, &ai);
 if (err) {
+ printf("probably punting due to bad hostname of %s\n",hostname);
 if (hints.ai_family == AF_INET) {
 /* Just in case it's an IPv6-only name. */
 hints.ai_family = 0;
@@ -145,11 +150,13 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 }
 if (!remote_host)
 return ENOMEM;
+ printf(" hostname <%s> after rdns processing\n",remote_host); /* XXX */
 if (type == KRB5_NT_SRV_HST)
 for (cp = remote_host; *cp; cp++)
 if (isupper((unsigned char) (*cp)))
 *cp = tolower((unsigned char) (*cp));
+ printf(" hostname <%s> after case folding\n",remote_host); /* XXX */
 /*
 * Windows NT5's broken resolver gratuitously tacks on a
@@ -167,6 +174,9 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 free(remote_host);
 return retval;
 }
+
+ printf(" realm <%s> after krb5_get_host_realm\n",hrealms[0]);
+
 if (!hrealms[0]) {
 free(remote_host);
 krb5_xfree(hrealms);
@@ -180,6 +190,11 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 krb5_princ_type(context, *ret_princ) = type;
+ printf("krb5_sname_to_principal returning\n");
+ printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
+ realm,sname,remote_host);
+ amb_dump_principal("krb5_sname_to_principal",*ret_princ);
+
 free(remote_host);
 krb5_free_host_realm(context, hrealms);
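Review bot: The trace added at the top of `krb5_sname_to_principal` (sn2princ.c, hunk at -68) formats `hostname` and `sname` with `%s` before any defaulting has run. If the function accepts NULL for either argument (that code is outside the hunk, though the `localname[MAXHOSTNAMELEN]` buffer suggests a local-hostname fallback), NULL is passed to `%s`. Move the trace below the defaulting, or print `hostname ? hostname : "(null)"` and the same for `sname`. The added `FILE *log;` is not used in any hunk of this diff and can be dropped.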
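Review bot: In the -167 hunk of sn2princ.c, `printf(" realm <%s> after krb5_get_host_realm\n",hrealms[0]);` formats `hrealms[0]` as a string immediately before the existing `if (!hrealms[0])` check, so the empty-list case that check guards against now reaches `%s` with NULL first. Move the trace below that check so it only runs once `hrealms[0]` is known to be non-NULL. The body of the `if` ends outside the hunk.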