Attachment 224 Details for Bug 488 – Patch for addressless kerberos tickets

[patch] Patch for addressless kerberos tickets

openssh-3.4p1-lanl_cluster.patch (text/plain), 3.18 KB, created by Stephen J Smoogen on 2003-02-07 09:44:55 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Stephen J Smoogen

Created: 2003-02-07 09:44:55 AEDT

Size: 3.18 KB

patch

obsolete

>--- ./servconf.h.lanl_cluster	Fri Sep 20 08:32:53 2002
>+++ ./servconf.h	Fri Sep 20 08:59:42 2002
>@@ -94,6 +94,10 @@
> #if defined(AFS) || defined(KRB5)
> 	int     kerberos_tgt_passing;	/* If true, permit Kerberos TGT
> 					 * passing. */
>+        int     kerberos_tgt_addressless;      /* If true, generate 
>+                                                * addressless TGT when
>+                                                * authenticating with 
>+                                                * a Kerberos password */
> #endif
> #ifdef AFS
> 	int     afs_token_passing;	/* If true, permit AFS token passing. */
>--- ./servconf.c.lanl_cluster	Fri Sep 20 08:32:53 2002
>+++ ./servconf.c	Fri Sep 20 08:57:37 2002
>@@ -99,6 +99,7 @@
> #endif
> #if defined(AFS) || defined(KRB5)
> 	options->kerberos_tgt_passing = -1;
>+	options->kerberos_tgt_addressless = -1;
> #endif
> #ifdef AFS
> 	options->afs_token_passing = -1;
>@@ -226,6 +227,8 @@
> #if defined(AFS) || defined(KRB5)
> 	if (options->kerberos_tgt_passing == -1)
> 		options->kerberos_tgt_passing = 0;
>+	if (options->kerberos_tgt_addressless == -1)
>+	        options->kerberos_tgt_addressless = 0;
> #endif
> #ifdef AFS
> 	if (options->afs_token_passing == -1)
>@@ -298,6 +301,7 @@
> #endif
> #if defined(KRB4) || defined(KRB5)
> 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
>+	sKerberosTgtAddressless,
> #endif
> #if defined(AFS) || defined(KRB5)
> 	sKerberosTgtPassing,
>@@ -357,6 +361,7 @@
> 	{ "kerberosauthentication", sKerberosAuthentication },
> 	{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
> 	{ "kerberosticketcleanup", sKerberosTicketCleanup },
>+	{ "kerberostgtaddressless", sKerberosTgtAddressless },
> #endif
> #if defined(AFS) || defined(KRB5)
> 	{ "kerberostgtpassing", sKerberosTgtPassing },
>@@ -693,6 +698,9 @@
> 	case sKerberosTicketCleanup:
> 		intptr = &options->kerberos_ticket_cleanup;
> 		goto parse_flag;
>+	case sKerberosTgtAddressless:
>+	        intptr = &options->kerberos_tgt_addressless;
>+                goto parse_flag;
> #endif
> #if defined(AFS) || defined(KRB5)
> 	case sKerberosTgtPassing:
>--- ./auth-krb5.c.lanl_cluster	Fri Sep 20 08:32:53 2002
>+++ ./auth-krb5.c	Fri Sep 20 08:51:58 2002
>@@ -263,6 +263,9 @@
> 	char ccname[40];
> 	int tmpfd;
> #endif	
>+
>+	krb5_get_init_creds_opt krb5_tgt_options;
>+
> 	krb5_error_code problem;
> 
> 	if (authctxt->pw == NULL)
>@@ -299,8 +302,21 @@
> 		goto out;
> 
> #else
>-	problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
>-	    authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL);
>+
>+       if (options.kerberos_tgt_addressless) {
>+               krb5_get_init_creds_opt_init(&krb5_tgt_options);
>+               krb5_get_init_creds_opt_set_forwardable(&krb5_tgt_options, 1);
>+               krb5_get_init_creds_opt_set_address_list(&krb5_tgt_options, NULL);
>+               problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
>+                   authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL,
>+                   &krb5_tgt_options);
>+       } else {
>+               problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
>+                   authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL,
>+                   NULL);
>+       }
>+
>+
> 	if (problem)
> 		goto out;
>

Actions: View | Diff

Attachments on bug 488: 224