svn commit: samba r18826 - in branches/SAMBA_4_0/source/heimdal: kdc lib/krb5

abartlet at samba.org abartlet at samba.org
Fri Sep 22 18:39:50 GMT 2006


Author: abartlet
Date: 2006-09-22 18:39:49 +0000 (Fri, 22 Sep 2006)
New Revision: 18826

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18826

Log:
Allow 'enterprise' principal names to log in.

These principals do not need to be in the same realm as the rest of
the ticket; the full principal name is in the first component of the
ASN.1.

Samba4's backend will handle getting this to the 'right' place.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/heimdal/kdc/524.c
   branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c
   branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c
   branches/SAMBA_4_0/source/heimdal/lib/krb5/asn1_glue.c
   branches/SAMBA_4_0/source/heimdal/lib/krb5/get_in_tkt.c
   branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h
   branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_cred.c
   branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_req.c


Changeset:
Modified: branches/SAMBA_4_0/source/heimdal/kdc/524.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/kdc/524.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/kdc/524.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -53,7 +53,7 @@
     krb5_error_code ret;
     krb5_principal sprinc;
 
-    ret = _krb5_principalname2krb5_principal(&sprinc, t->sname, t->realm);
+    ret = _krb5_principalname2krb5_principal(context, &sprinc, t->sname, t->realm);
     if (ret) {
 	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
 		krb5_get_err_text(context, ret));
@@ -90,7 +90,7 @@
     char *cpn;
     krb5_error_code ret;
 
-    ret = _krb5_principalname2krb5_principal(&client, et->cname, et->crealm);
+    ret = _krb5_principalname2krb5_principal(context, &client, et->cname, et->crealm);
     if (ret) {
 	kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
 		krb5_get_err_text (context, ret));

Modified: branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/kdc/kerberos4.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -655,7 +655,8 @@
 
     {
 	krb5_principal princ;
-	_krb5_principalname2krb5_principal(&princ,
+	_krb5_principalname2krb5_principal(context,
+					   &princ,
 					   *service,
 					   et->crealm);
 	ret = krb5_524_conv_principal(context, 
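Review bot: The return value of `_krb5_principalname2krb5_principal` is discarded at this call, yet after this commit the function can fail (`KRB5_PARSE_MALFORMED`, or any `krb5_parse_name` error) without writing `princ`, so the `krb5_524_conv_principal` call that follows (its arguments are outside the hunk, presumably `princ`) may read an indeterminate pointer. Capture and test the result, e.g. `ret = _krb5_principalname2krb5_principal(context, &princ, *service, et->crealm);` followed by `if (ret) return ret;`, subject to whatever cleanup the enclosing function, which starts and ends outside the hunk, requires. The same unchecked pattern is in the next kerberos4.c hunk, the kerberos5.c hunks at -869, -882, -2137, -2340 and -2364, both rd_cred.c hunks, and the rd_req.c hunks at -400 and -605. The kerberos5.c hunks at -869 and -882 deserve priority: they convert names taken from the request body (`b->sname`, `b->cname`), so the new failure path is reachable from request data before `krb5_unparse_name` dereferences the principal.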
@@ -667,7 +668,8 @@
 	if(ret)
 	    return ret;
 
-	_krb5_principalname2krb5_principal(&princ,
+	_krb5_principalname2krb5_principal(context, 
+					   &princ,
 					   et->cname,
 					   et->crealm);
 				     

Modified: branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/kdc/kerberos5.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -869,7 +869,7 @@
 	ret = KRB5KRB_ERR_GENERIC;
 	e_text = "No server in request";
     } else{
-	_krb5_principalname2krb5_principal (&server_princ,
+	    _krb5_principalname2krb5_principal (context, &server_princ,
 					    *(b->sname), b->realm);
 	ret = krb5_unparse_name(context, server_princ, &server_name);
     }
@@ -882,7 +882,7 @@
 	ret = KRB5KRB_ERR_GENERIC;
 	e_text = "No client in request";
     } else {
-	_krb5_principalname2krb5_principal (&client_princ,
+	    _krb5_principalname2krb5_principal (context, &client_princ,
 					    *(b->cname), b->realm);
 	ret = krb5_unparse_name(context, client_princ, &client_name);
     }
@@ -1270,7 +1270,7 @@
     if (f.request_anonymous)
 	make_anonymous_principalname (&rep.cname);
     else
-	_krb5_principal2principalname(&rep.cname, 
+	    _krb5_principal2principalname(&rep.cname, 
 				      client->entry.principal);
     rep.ticket.tkt_vno = 5;
     copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
@@ -2137,7 +2137,7 @@
 	goto out2;
     }
     
-    _krb5_principalname2krb5_principal(&princ,
+    _krb5_principalname2krb5_principal(context, &princ,
 				       ap_req.ticket.sname,
 				       ap_req.ticket.realm);
     
@@ -2340,7 +2340,7 @@
 		ret = KRB5KDC_ERR_POLICY;
 		goto out2;
 	    }
-	    _krb5_principalname2krb5_principal(&p, t->sname, t->realm);
+	    _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
 	    ret = _kdc_db_fetch(context, config, p, 
 				HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu);
 	    krb5_free_principal(context, p);
@@ -2364,11 +2364,11 @@
 	    r = adtkt.crealm;
 	}
 
-	_krb5_principalname2krb5_principal(&sp, *s, r);
+	_krb5_principalname2krb5_principal(context, &sp, *s, r);
 	ret = krb5_unparse_name(context, sp, &spn);	
 	if (ret)
 	    goto out;
-	_krb5_principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
+	_krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
 	ret = krb5_unparse_name(context, cp, &cpn);
 	if (ret)
 	    goto out;

Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/asn1_glue.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/lib/krb5/asn1_glue.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/lib/krb5/asn1_glue.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -47,13 +47,23 @@
 }
 
 krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (krb5_principal *principal,
+_krb5_principalname2krb5_principal (krb5_context context, 
+				    krb5_principal *principal,
 				    const PrincipalName from,
 				    const Realm realm)
 {
-    krb5_principal p = malloc(sizeof(*p));
-    copy_PrincipalName(&from, &p->name);
-    p->realm = strdup(realm);
-    *principal = p;
+    if (from.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+	    if (from.name_string.len != 1) {
+		    return KRB5_PARSE_MALFORMED;
+	    }
+	    return krb5_parse_name(context, 
+				   from.name_string.val[0],
+				   principal);
+    } else {
+	    krb5_principal p = malloc(sizeof(*p));
+	    copy_PrincipalName(&from, &p->name);
+	    p->realm = strdup(realm);
+	    *principal = p;
+    }
     return 0;
 }
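Review bot: Both failure returns in the new enterprise branch leave `*principal` unwritten, and the `else` branch still calls `malloc`, `copy_PrincipalName` and `strdup` without checking any of them, so a caller that ignores the result gets either an indeterminate pointer or a half-built principal. Setting `*principal = NULL` on entry and checking each step, as sketched below, makes failures observable; callers still have to test the return value. Separately, the enterprise branch silently ignores `realm` and takes the realm from whatever `krb5_parse_name` derives from the single name component (presumably the default realm when the string carries no realm part), which deserves a comment above the function such as `/* For KRB5_NT_ENTERPRISE_PRINCIPAL the realm argument is ignored; the realm comes from parsing name_string.val[0]. */`.

```c
{
    krb5_error_code ret;
    krb5_principal p;

    *principal = NULL;	/* never hand back an indeterminate pointer on failure */

    /* … unchanged: KRB5_NT_ENTERPRISE_PRINCIPAL branch (returns early) … */

    p = calloc(1, sizeof(*p));
    if (p == NULL)
	return ENOMEM;
    ret = copy_PrincipalName(&from, &p->name);
    if (ret) {
	free(p);
	return ret;
    }
    p->realm = strdup(realm);
    if (p->realm == NULL) {
	free_PrincipalName(&p->name);
	free(p);
	return ENOMEM;
    }
    *principal = p;
    return 0;
}
```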

Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/get_in_tkt.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/lib/krb5/get_in_tkt.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/lib/krb5/get_in_tkt.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -137,7 +137,8 @@
     time_t tmp_time;
     krb5_timestamp sec_now;
 
-    ret = _krb5_principalname2krb5_principal (&tmp_principal,
+    ret = _krb5_principalname2krb5_principal (context, 
+					      &tmp_principal,
 					      rep->kdc_rep.cname,
 					      rep->kdc_rep.crealm);
     if (ret)
@@ -170,7 +171,8 @@
 
     /* compare server */
 
-    ret = _krb5_principalname2krb5_principal (&tmp_principal,
+    ret = _krb5_principalname2krb5_principal (context, 
+					      &tmp_principal,
 					      rep->kdc_rep.ticket.sname,
 					      rep->kdc_rep.ticket.realm);
     if (ret)

Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h
===================================================================
--- branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/lib/krb5/krb5-private.h	2006-09-22 18:39:49 UTC (rev 18826)
@@ -372,6 +372,7 @@
 
 krb5_error_code KRB5_LIB_FUNCTION
 _krb5_principalname2krb5_principal (
+	krb5_context /* context */,
 	krb5_principal */*principal*/,
 	const PrincipalName /*from*/,
 	const Realm /*realm*/);

Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_cred.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_cred.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_cred.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -265,7 +265,7 @@
 	    krb5_abortx(context, "internal error in ASN.1 encoder");
 	copy_EncryptionKey (&kci->key, &creds->session);
 	if (kci->prealm && kci->pname)
-	    _krb5_principalname2krb5_principal (&creds->client,
+	    _krb5_principalname2krb5_principal (context, &creds->client,
 						*kci->pname,
 						*kci->prealm);
 	if (kci->flags)
@@ -279,7 +279,8 @@
 	if (kci->renew_till)
 	    creds->times.renew_till = *kci->renew_till;
 	if (kci->srealm && kci->sname)
-	    _krb5_principalname2krb5_principal (&creds->server,
+	    _krb5_principalname2krb5_principal (context,
+						&creds->server,
 						*kci->sname,
 						*kci->srealm);
 	if (kci->caddr)

Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_req.c
===================================================================
--- branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_req.c	2006-09-22 15:14:53 UTC (rev 18825)
+++ branches/SAMBA_4_0/source/heimdal/lib/krb5/rd_req.c	2006-09-22 18:39:49 UTC (rev 18826)
@@ -376,10 +376,12 @@
     if(ret)
 	goto out;
 
-    ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, 
+    ret = _krb5_principalname2krb5_principal(context, 
+					     &t->server, ap_req->ticket.sname, 
 					     ap_req->ticket.realm);
     if (ret) goto out;
-    ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, 
+    ret = _krb5_principalname2krb5_principal(context, 
+					     &t->client, t->ticket.cname, 
 					     t->ticket.crealm);
     if (ret) goto out;
 
@@ -400,10 +402,10 @@
 	krb5_principal p1, p2;
 	krb5_boolean res;
 	
-	_krb5_principalname2krb5_principal(&p1,
+	_krb5_principalname2krb5_principal(context, &p1,
 					   ac->authenticator->cname,
 					   ac->authenticator->crealm);
-	_krb5_principalname2krb5_principal(&p2, 
+	_krb5_principalname2krb5_principal(context, &p2, 
 					   t->ticket.cname,
 					   t->ticket.crealm);
 	res = krb5_principal_compare (context, p1, p2);
@@ -605,7 +607,7 @@
 	return ret;
 
     if(server == NULL){
-	_krb5_principalname2krb5_principal(&service,
+	_krb5_principalname2krb5_principal(context, &service,
 					   ap_req.ticket.sname,
 					   ap_req.ticket.realm);
 	server = service;


