
making krb5_425_conv_principal_ext useful for srv2key



So when you have a srvtab you're keytabbing, you know the full name of the
host; you really don't need help. Since ktutil doesn't do anything itself,
no verifier function can be passed into this call, which means:
a) possibly no resolving
b) if you have v4_domains set this isn't used for resolving anyhow, so the
first domain from the list is used

This is suboptimal. I include a patch, but there are other issues with
calling what I do only when I do. That said, hopefully it will encourage
comment and adoption of something similar.

-D
--- principal.c 2000/10/16 03:42:14     1.73
+++ lib/krb5/principal.c 2001/06/07 21:12:37
@@ -637,6 +638,7 @@
     krb5_error_code ret;
     krb5_principal pr;
     char host[MAXHOSTNAMELEN];
+    char local_hostname[MAXHOSTNAMELEN];
 
     /* do the following: if the name is found in the
        `v4_name_convert:host' part, is is assumed to be a `host' type
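Review bot: the header @@ -637,6 +638,7 @@ starts one line later on the new side than on the old side, which suggests the working copy has an earlier one-line addition that this diff does not show; if the new gethostname call needs an extra include or declaration, it should be part of the posted patch. The file headers also disagree on the path (principal.c versus lib/krb5/principal.c), so say which directory and -p level the patch applies from.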
@@ -709,6 +711,17 @@
            dns_free_data(r);
 #endif
     }
+
+
+    if ((func == NULL) && 
+       (gethostname (local_hostname, sizeof(local_hostname)) == 0)) {
+       if((strncmp(instance, local_hostname, strlen(instance)) == 0) && 
+          (local_hostname[strlen(instance)] == '.')) {
+           strncpy(host, local_hostname, sizeof(host));
+           goto local_host;
+       }
+    }
+
     {
        char **domains, **d;
        domains = krb5_config_get_strings(context, NULL, "realms", realm,
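Review bot: gethostname() is not guaranteed to NUL-terminate local_hostname when the name is truncated, and both the indexed read local_hostname[strlen(instance)] and the strncpy(host, local_hostname, sizeof(host)) that follow depend on that terminator; set local_hostname[sizeof(local_hostname) - 1] = '\0' right after the call. The strncmp comparison is also case-sensitive while host names are not, so strncasecmp would avoid missing the match when instance and the local name differ only in case. A short comment saying the block only fires when gethostname returns a dotted name whose first label equals instance would help the next reader.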
@@ -737,6 +749,7 @@
     if (*p == '.')
        ++p;
     snprintf(host, sizeof(host), "%s.%s", instance, p);
+local_host:
     ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
     if(func == NULL || (*func)(context, pr)){
        *princ = pr;
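Review bot: the local_host: label sits directly before krb5_make_principal, so the new goto skips the entire domains lookup, and since that path is only taken when func == NULL the if below accepts the principal without any check. Add a comment at the label stating that the local host name deliberately takes precedence over the configured domains, and confirm that nothing after the label reads or frees domains or p, neither of which is set on this path.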