+3005. [port] Solaris: Work around the lack of
+ gsskrb5_register_acceptor_identity() by setting
+ the KRB5_KTNAME environment variable to the
+ contents of tkey-gssapi-keytab. Also fixed
+ test errors on MacOSX. [RT #22853]
+
3004. [func] DNS64 reverse support. [RT #22769]
3003. [experimental] Added update-policy match type "external",
DIGOPTS="@10.53.0.1 -p 5300"
# we don't want a KRB5_CONFIG setting breaking the tests
-unset KRB5_CONFIG
+KRB5_CONFIG=/dev/null
+export KRB5_CONFIG
test_update() {
host="$1"
return 1
}
- out=`$DIG $DIGOPTS -t $type -q $host | egrep ^$host`
+ out=`$DIG $DIGOPTS -t $type -q $host | egrep "^${host}"`
lines=`echo "$out" | grep "$digout" | wc -l`
[ $lines -eq 1 ] || {
echo "I:dig output incorrect for $host $type $cmd: $out"
}
echo "I:testing updates as administrator"
-KRB5CCNAME=`pwd`/ns1/administrator.ccache
+KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache
export KRB5CCNAME
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || status=1
test_update denied.example.nil. TXT "86400 TXT helloworld" "helloworld" && status=1
echo "I:testing updates as a user"
-KRB5CCNAME=`pwd`/ns1/testdenied.ccache
+KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache
export KRB5CCNAME
test_update testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" && status=1
[ $status -eq 0 ] && echo "I:tsiggss tests all OK"
-kill $(cat authsock.pid)
+kill `cat authsock.pid`
exit $status
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gssapictx.c,v 1.23 2010/12/24 02:20:47 each Exp $ */
+/* $Id: gssapictx.c,v 1.24 2011/01/08 00:33:12 each Exp $ */
#include <config.h>
isc_result_t
dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
- dns_name_t *zone, isc_mem_t *mctx, char **err_message)
+ isc_mem_t *mctx, char **err_message)
{
#ifdef GSSAPI
isc_region_t r;
UNUSED(intoken);
UNUSED(outtoken);
UNUSED(gssctx);
- UNUSED(zone);
UNUSED(mctx);
UNUSED(err_message);
gss_name_t gname = NULL;
isc_result_t result;
char buf[1024];
+ char *kt = NULL;
REQUIRE(outtoken != NULL && *outtoken == NULL);
context = *ctxout;
if (gssapi_keytab != NULL) {
-#ifndef ISC_PLATFORM_GSSAPI_KRB5_HEADER
- return (ISC_R_NOTIMPLEMENTED);
-#else
+#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
gret = gsskrb5_register_acceptor_identity(gssapi_keytab);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed "
buf, sizeof(buf)));
return (DNS_R_INVALIDTKEY);
}
+#else
+ kt = isc_mem_allocate(mctx, strlen(gssapi_keytab) + 13);
+ sprintf(kt, "KRB5_KTNAME=%s", gssapi_keytab);
+ putenv(kt);
#endif
}
sizeof(buf)));
}
+ if (kt != NULL)
+ isc_mem_free(mctx, kt);
+
return (result);
#else
UNUSED(cred);
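Review bot: In the new `#else` branch the string handed to `putenv(kt)` is released again by the added `isc_mem_free(mctx, kt)` just before `return (result)`, but putenv() stores the caller's pointer in the environment instead of copying it, so `KRB5_KTNAME` is left pointing at freed memory for any later getenv() or Kerberos keytab lookup. The result of `isc_mem_allocate()` is also passed to `sprintf()` without a NULL check, and the return value of `putenv()` is ignored. Where setenv() is available it copies its arguments and makes both the buffer and the free unnecessary: `if (setenv("KRB5_KTNAME", gssapi_keytab, 1) != 0) return (ISC_R_NOMEMORY);`. Otherwise the buffer has to outlive the call, which means allocating it once, never freeing it, and probably not taking it from `mctx` if that context reports unfreed allocations at shutdown. The enclosing function starts and ends outside the hunk, so whether other threads read the environment while it is being modified cannot be judged from here.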
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tkey.h,v 1.30 2010/12/20 23:47:21 tbox Exp $ */
+/* $Id: tkey.h,v 1.31 2011/01/08 00:33:12 each Exp $ */
#ifndef DNS_TKEY_H
#define DNS_TKEY_H 1
dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname,
isc_buffer_t *intoken, isc_uint32_t lifetime,
gss_ctx_id_t *context, isc_boolean_t win2k,
- dns_name_t *zone, isc_mem_t *mctx, char **err_message);
+ isc_mem_t *mctx, char **err_message);
/*%<
* Builds a query containing a TKEY that will generate a GSSAPI context.
* The key is requested to have the specified lifetime (in seconds).
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
dns_name_t *server, gss_ctx_id_t *context,
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
- isc_boolean_t win2k, dns_name_t *zone,
- char **err_message);
+ isc_boolean_t win2k, char **err_message);
/*
* Client side negotiation of GSS-TSIG. Process the response
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: gssapi.h,v 1.14 2010/12/20 23:47:21 tbox Exp $ */
+/* $Id: gssapi.h,v 1.15 2011/01/08 00:33:12 each Exp $ */
#ifndef DST_GSSAPI_H
#define DST_GSSAPI_H 1
isc_result_t
dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
- dns_name_t *zone, isc_mem_t *mctx, char **err_message);
+ isc_mem_t *mctx, char **err_message);
/*
* Initiates a GSS context.
*
*/
/*
- * $Id: tkey.c,v 1.98 2010/12/18 23:47:11 tbox Exp $
+ * $Id: tkey.c,v 1.99 2011/01/08 00:33:12 each Exp $
*/
/*! \file */
#include <config.h>
dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname,
isc_buffer_t *intoken, isc_uint32_t lifetime,
gss_ctx_id_t *context, isc_boolean_t win2k,
- dns_name_t *zone, isc_mem_t *mctx, char **err_message)
+ isc_mem_t *mctx, char **err_message)
{
dns_rdata_tkey_t tkey;
isc_result_t result;
REQUIRE(mctx != NULL);
isc_buffer_init(&token, array, sizeof(array));
- result = dst_gssapi_initctx(gname, NULL, &token, context, zone,
+ result = dst_gssapi_initctx(gname, NULL, &token, context,
mctx, err_message);
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS)
return (result);
isc_buffer_init(outtoken, array, sizeof(array));
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
RETERR(dst_gssapi_initctx(gname, &intoken, outtoken, context,
- NULL, ring->mctx, err_message));
+ ring->mctx, err_message));
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx,
&dstkey, NULL));
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
dns_name_t *server, gss_ctx_id_t *context,
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
- isc_boolean_t win2k, dns_name_t *zone,
- char **err_message)
+ isc_boolean_t win2k, char **err_message)
{
dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;
dns_name_t *tkeyname;
isc_buffer_init(&outtoken, array, sizeof(array));
result = dst_gssapi_initctx(server, &intoken, &outtoken, context,
- zone, ring->mctx, err_message);
+ ring->mctx, err_message);
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS)
return (result);