From: Greg Hudson Date: Thu, 25 Aug 2016 19:37:23 +0000 (-0400) Subject: Consolidate sn2princ_realm() in kprop and kpropd X-Git-Tag: krb5-1.15-beta1~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2ff1d95a8c3c455fc70d7ef6644fa4dabf96549;p=thirdparty%2Fkrb5.git Consolidate sn2princ_realm() in kprop and kpropd In kprop and kpropd, factor out the duplicated implementation of sn2princ_with_realm() into kprop_util.c. Rename it to sn2princ_realm(), remove the type parameter, and require the sname parameter to be specified. Rewrite the function to use krb5_expand_hostname(), avoiding an unnecessary hostrealm lookup.
---
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index e80ecab140..5bff5de2c9 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -182,35 +182,6 @@ parse_args(krb5_context context, int argc, char **argv)
 }
 }
-/* Runs krb5_sname_to_principal with a substitute realm
- * Duplicated in kpropd.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
-
 static void
 get_tickets(krb5_context context)
 {
@@ -220,8 +191,8 @@ get_tickets(krb5_context context)
 krb5_principal server_princ = NULL;
 /* Figure out what tickets we'll be using to send. */
- retval = sn2princ_with_realm(context, NULL, NULL, KRB5_NT_SRV_HST, realm,
- &my_principal);
+ retval = sn2princ_realm(context, NULL, KPROP_SERVICE_NAME, realm,
+ &my_principal);
 if (retval) {
 com_err(progname, errno, _("while setting client principal name"));
 exit(1);
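Review bot: In get_tickets(), the `com_err()` call that follows the new `sn2princ_realm()` call reports `errno` instead of `retval`. As the kprop_util.c hunk shows, sn2princ_realm() returns a krb5_error_code from krb5_expand_hostname() or krb5_build_principal(), so errno may be zero or stale at that point and the logged reason for the failed principal construction would be misleading. Pass the returned code, `com_err(progname, retval, _("while setting client principal name"));`, and do the same for the server-principal call in the next hunk (@@ -229,8 +200,8 @@); the kpropd.c call sites already pass `retval`. get_tickets() continues outside the hunk.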
@@ -229,8 +200,8 @@ get_tickets(krb5_context context)
 /* Construct the principal name for the slave host. */
 memset(&creds, 0, sizeof(creds));
- retval = sn2princ_with_realm(context, slave_host, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server_princ);
+ retval = sn2princ_realm(context, slave_host, KPROP_SERVICE_NAME, realm,
+ &server_princ);
 if (retval) {
 com_err(progname, errno, _("while setting server principal name"));
 exit(1);
diff --git a/src/slave/kprop.h b/src/slave/kprop.h
index a4aa39a68c..dbbda435a9 100644
--- a/src/slave/kprop.h
+++ b/src/slave/kprop.h
@@ -37,3 +37,7 @@
 int sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
 krb5_address **dest);
+
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out);
diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c
index beaf1c8ca7..f182554e61 100644
--- a/src/slave/kprop_util.c
+++ b/src/slave/kprop_util.c
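Review bot: The prototype added to kprop.h has no comment, although the function's contract is stricter than the signature suggests. As implemented in kprop_util.c, `sname` and `realm` must be non-NULL (the function asserts on them), a NULL `hostname` selects the local host name, and the resulting principal is allocated for the caller. A short comment above the declaration would keep callers from relying on the old NULL-sname behaviour, for example `/* Build sname/<canonical host>@realm. hostname may be NULL (local host); sname and realm must not be NULL. Free *princ_out with krb5_free_principal(). */`.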
@@ -65,3 +65,34 @@ sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
 return krb5_copy_addr(context, &addr, dest);
 }
+
+/* Construct a host-based principal, similar to krb5_sname_to_principal() but
+ * with a specified realm. */
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+ const char *realm, krb5_principal *princ_out)
+{
+ krb5_error_code ret;
+ char *canonhost, localname[MAXHOSTNAMELEN];
+
+ *princ_out = NULL;
+ assert(sname != NULL && realm != NULL);
+
+ /* If hostname is NULL, use the local hostname. */
+ if (hostname == NULL) {
+ if (gethostname(localname, MAXHOSTNAMELEN) != 0)
+ return SOCKET_ERRNO;
+ hostname = localname;
+ }
+
+ ret = krb5_expand_hostname(context, hostname, &canonhost);
+ if (ret)
+ return ret;
+
+ ret = krb5_build_principal(context, princ_out, strlen(realm), realm, sname,
+ canonhost, (char *)NULL);
+ krb5_free_string(context, canonhost);
+ if (!ret)
+ (*princ_out)->type = KRB5_NT_SRV_HST;
+ return ret;
+}
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index ef64222986..056c31a42f 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -601,34 +601,6 @@ full_resync(CLIENT *clnt)
 return (status == RPC_SUCCESS) ? &clnt_res : NULL;
 }
-/* Runs krb5_sname_to_principal with a substitute realm.
- * Duplicated in kprop.c, sharing TBD */
-static krb5_error_code
-sn2princ_with_realm(krb5_context context, const char *hostname,
- const char *sname, krb5_int32 type, const char *rrealm,
- krb5_principal *princ_out)
-{
- krb5_error_code ret;
- krb5_principal princ = NULL;
-
- *princ_out = NULL;
-
- if (rrealm == NULL)
- return EINVAL;
-
- ret = krb5_sname_to_principal(context, hostname, sname, type, &princ);
- if (ret)
- return ret;
-
- ret = krb5_set_principal_realm(context, princ, rrealm);
- if (ret) {
- krb5_free_principal(context, princ);
- return ret;
- }
-
- *princ_out = princ;
- return 0;
-}
 /*
 * Beg for incrementals from the KDC.
 *
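Review bot: In the new sn2princ_realm() in kprop_util.c, `localname` is handed to krb5_expand_hostname() without being forced to end in a NUL byte. POSIX leaves it unspecified whether gethostname() terminates the buffer when the name is truncated, so a host name of MAXHOSTNAMELEN bytes or more could be read past the end of the array; adding `localname[sizeof(localname) - 1] = '\0';` after a successful call closes that. Separately, the runtime `EINVAL` return for a NULL realm in the removed helper became `assert(sname != NULL && realm != NULL)`, which disappears in an NDEBUG build and leaves `strlen(realm)` to dereference NULL; `if (sname == NULL || realm == NULL) return EINVAL;` keeps the check in release builds of kpropd.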
@@ -671,8 +643,8 @@ do_iprop()
 }
 }
- retval = sn2princ_with_realm(kpropd_context, NULL, KIPROP_SVC_NAME,
- KRB5_NT_SRV_HST, realm, &iprop_svc_principal);
+ retval = sn2princ_realm(kpropd_context, NULL, KIPROP_SVC_NAME, realm,
+ &iprop_svc_principal);
 if (retval) {
 com_err(progname, retval, _("while trying to construct host service principal"));
@@ -1176,8 +1148,8 @@ parse_args(char **argv)
 }
 /* Construct service name from local hostname. */
- retval = sn2princ_with_realm(kpropd_context, NULL, KPROP_SERVICE_NAME,
- KRB5_NT_SRV_HST, realm, &server);
+ retval = sn2princ_realm(kpropd_context, NULL, KPROP_SERVICE_NAME, realm,
+ &server);
 if (retval) {
 com_err(progname, retval, _("while trying to construct my service name"));