[5461] in Moira
Problems with krb4-less update server/client
daemon@ATHENA.MIT.EDU (Evan Broder)
Mon Jul 27 17:46:08 2009
Message-ID: <4A6E1FFC.9030505@mit.edu>
Date: Mon, 27 Jul 2009 14:45:32 -0700
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: moiradev@mit.edu
CC: Debathena <debathena@mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
A few issues with the krb5 pieces of the update code.
get_mr_krb5_update_ticket currently takes a krb5_data as the second
argument; it should take a krb5_data * (which is what mr_send_krb5_auth
passes to it). It looks like this was causing krb5 auth to always fail
for both DCMs and update_test. That was fine, since it would always fall
back on krb4, except that Debathena is planning to start building Moira
without krb4 support soon.
Second, I #ifdefed out the auth_002 method from the update_server
dispatch table in my original path. That was unnecessary, since auth_002
is already #ifdefed to return MR_NO_KRB4 if it's being built without
krb4, and that's a better error than MR_UNKNOWN_PROC.
I've tested that update_test with this patch against an update_server
with this patch (both built without krb4) was able to send a file and
execute /bin/ls.
Here's the necessary patch:
Index: update/update_server.c
===================================================================
--- update/update_server.c (revision 23920)
+++ update/update_server.c (working copy)
@@ -48,9 +48,7 @@
char *str;
void (*proc)(int, char *);
} dispatch_table[] = {
-#ifdef HAVE_KRB4
{ "AUTH_002", auth_002 },
-#endif
{ "AUTH_003", auth_003 },
{ "XFER_002", xfer_002 },
{ "XFER_003", xfer_003 },
Index: update/ticket.c
===================================================================
--- update/ticket.c (revision 23920)
+++ update/ticket.c (working copy)
@@ -35,7 +35,7 @@
static int get_mr_tgt(void);
#endif
-int get_mr_krb5_update_ticket(char *host, krb5_data auth)
+int get_mr_krb5_update_ticket(char *host, krb5_data *auth)
{
krb5_auth_context auth_con = NULL;
krb5_ccache ccache = NULL;
@@ -54,7 +54,7 @@
goto out;
code = krb5_mk_req(context, &auth_con, 0, "host", host, NULL, ccache,
- &auth);
+ auth);
out:
if (ccache)
- Evan