[5461] in Moira

home help back first fref pref prev next nref lref last post

Problems with krb4-less update server/client

daemon@ATHENA.MIT.EDU (Evan Broder)
Mon Jul 27 17:46:08 2009

Message-ID: <4A6E1FFC.9030505@mit.edu>
Date: Mon, 27 Jul 2009 14:45:32 -0700
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: moiradev@mit.edu
CC: Debathena <debathena@mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

A few issues with the krb5 pieces of the update code.

get_mr_krb5_update_ticket currently takes a krb5_data as the second
argument; it should take a krb5_data * (which is what mr_send_krb5_auth
passes to it). It looks like this was causing krb5 auth to always fail
for both DCMs and update_test. That was fine, since it would always fall
back on krb4, except that Debathena is planning to start building Moira
without krb4 support soon.

Second, I #ifdefed out the auth_002 method from the update_server
dispatch table in my original path. That was unnecessary, since auth_002
is already #ifdefed to return MR_NO_KRB4 if it's being built without
krb4, and that's a better error than MR_UNKNOWN_PROC.

I've tested that update_test with this patch against an update_server
with this patch (both built without krb4) was able to send a file and
execute /bin/ls.

Here's the necessary patch:

Index: update/update_server.c
--- update/update_server.c    (revision 23920)
+++ update/update_server.c    (working copy)
@@ -48,9 +48,7 @@
   char *str;
   void (*proc)(int, char *);
 } dispatch_table[] = {
-#ifdef HAVE_KRB4
   { "AUTH_002", auth_002 },
   { "AUTH_003", auth_003 },
   { "XFER_002", xfer_002 },
   { "XFER_003", xfer_003 },
Index: update/ticket.c
--- update/ticket.c    (revision 23920)
+++ update/ticket.c    (working copy)
@@ -35,7 +35,7 @@
 static int get_mr_tgt(void);

-int get_mr_krb5_update_ticket(char *host, krb5_data auth)
+int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
   krb5_auth_context auth_con = NULL;
   krb5_ccache ccache = NULL;
@@ -54,7 +54,7 @@
     goto out;

   code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
-             &auth);
+             auth);

   if (ccache)

- Evan

home help back first fref pref prev next nref lref last post