Attachment #224 for bug #488

View | Details | Raw Unified | Return to bug 488
Collapse All | Expand All

Lines 94-99 Link Here

(-)./servconf.h.lanl_cluster (+4 lines)
94	#if defined(AFS) \|\| defined(KRB5)	94	#if defined(AFS) \|\| defined(KRB5)
95	int kerberos_tgt_passing; /* If true, permit Kerberos TGT	95	int kerberos_tgt_passing; /* If true, permit Kerberos TGT
96	* passing. */	96	* passing. */
		97	int kerberos_tgt_addressless; /* If true, generate
		98	* addressless TGT when
		99	* authenticating with
		100	* a Kerberos password */
97	#endif	101	#endif
98	#ifdef AFS	102	#ifdef AFS
99	int afs_token_passing; /* If true, permit AFS token passing. */	103	int afs_token_passing; /* If true, permit AFS token passing. */

Lines 99-104 Link Here

(-)./servconf.c.lanl_cluster (+8 lines)
99	#endif	99	#endif
100	#if defined(AFS) \|\| defined(KRB5)	100	#if defined(AFS) \|\| defined(KRB5)
101	options->kerberos_tgt_passing = -1;	101	options->kerberos_tgt_passing = -1;
		102	options->kerberos_tgt_addressless = -1;
102	#endif	103	#endif
103	#ifdef AFS	104	#ifdef AFS
104	options->afs_token_passing = -1;	105	options->afs_token_passing = -1;
Lines 226-231 Link Here
226	#if defined(AFS) \|\| defined(KRB5)	227	#if defined(AFS) \|\| defined(KRB5)
227	if (options->kerberos_tgt_passing == -1)	228	if (options->kerberos_tgt_passing == -1)
228	options->kerberos_tgt_passing = 0;	229	options->kerberos_tgt_passing = 0;
		230	if (options->kerberos_tgt_addressless == -1)
		231	options->kerberos_tgt_addressless = 0;
229	#endif	232	#endif
230	#ifdef AFS	233	#ifdef AFS
231	if (options->afs_token_passing == -1)	234	if (options->afs_token_passing == -1)
Lines 298-303 Link Here
298	#endif	301	#endif
299	#if defined(KRB4) \|\| defined(KRB5)	302	#if defined(KRB4) \|\| defined(KRB5)
300	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,	303	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
		304	sKerberosTgtAddressless,
301	#endif	305	#endif
302	#if defined(AFS) \|\| defined(KRB5)	306	#if defined(AFS) \|\| defined(KRB5)
303	sKerberosTgtPassing,	307	sKerberosTgtPassing,
Lines 357-362 Link Here
357	{ "kerberosauthentication", sKerberosAuthentication },	361	{ "kerberosauthentication", sKerberosAuthentication },
358	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },	362	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
359	{ "kerberosticketcleanup", sKerberosTicketCleanup },	363	{ "kerberosticketcleanup", sKerberosTicketCleanup },
		364	{ "kerberostgtaddressless", sKerberosTgtAddressless },
360	#endif	365	#endif
361	#if defined(AFS) \|\| defined(KRB5)	366	#if defined(AFS) \|\| defined(KRB5)
362	{ "kerberostgtpassing", sKerberosTgtPassing },	367	{ "kerberostgtpassing", sKerberosTgtPassing },
Lines 693-698 Link Here
693	case sKerberosTicketCleanup:	698	case sKerberosTicketCleanup:
694	intptr = &options->kerberos_ticket_cleanup;	699	intptr = &options->kerberos_ticket_cleanup;
695	goto parse_flag;	700	goto parse_flag;
		701	case sKerberosTgtAddressless:
		702	intptr = &options->kerberos_tgt_addressless;
		703	goto parse_flag;
696	#endif	704	#endif
697	#if defined(AFS) \|\| defined(KRB5)	705	#if defined(AFS) \|\| defined(KRB5)
698	case sKerberosTgtPassing:	706	case sKerberosTgtPassing:

Lines 263-268 Link Here

(-)./auth-krb5.c.lanl_cluster (-2 / +18 lines)
263	char ccname[40];	263	char ccname[40];
264	int tmpfd;	264	int tmpfd;
265	#endif	265	#endif
		266
		267	krb5_get_init_creds_opt krb5_tgt_options;
		268
266	krb5_error_code problem;	269	krb5_error_code problem;
267		270
268	if (authctxt->pw == NULL)	271	if (authctxt->pw == NULL)
Lines 299-306 Link Here
299	goto out;	302	goto out;
300		303
301	#else	304	#else
302	problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,	305
303	authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL);	306	if (options.kerberos_tgt_addressless) {
		307	krb5_get_init_creds_opt_init(&krb5_tgt_options);
		308	krb5_get_init_creds_opt_set_forwardable(&krb5_tgt_options, 1);
		309	krb5_get_init_creds_opt_set_address_list(&krb5_tgt_options, NULL);
		310	problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
		311	authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL,
		312	&krb5_tgt_options);
		313	} else {
		314	problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
		315	authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL,
		316	NULL);
		317	}
		318
		319
304	if (problem)	320	if (problem)
305	goto out;	321	goto out;
306		322

Return to bug 488