Return-Path: X-Original-To: krb5-send-pr-nospam1@krbdev.mit.edu Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 6921ACCF0D; Sun, 21 Jun 2009 17:42:05 +0000 (UTC) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n5LHg5CU026399; Sun, 21 Jun 2009 13:42:05 -0400 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n5KHbg1d005363 for ; Sat, 20 Jun 2009 13:37:44 -0400 Received: from mit.edu (M24-004-BARRACUDA-2.MIT.EDU [18.7.7.112]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id n5KHbYIl007200 for ; Sat, 20 Jun 2009 13:37:35 -0400 (EDT) Received: from gentzen.megacz.com (localhost [127.0.0.1]) by mit.edu (Spam Firewall) with ESMTP id DD630151F7B7 for ; Sat, 20 Jun 2009 13:37:31 -0400 (EDT) Received: from gentzen.megacz.com (gentzen.megacz.com [65.23.129.159]) by mit.edu with ESMTP id 9XhEFRirfm4miMG7 for ; Sat, 20 Jun 2009 13:37:30 -0400 (EDT) Envelope-To: krb5-bugs@mit.edu Received: from localhost (GENTZEN.MEGACZ.COM) by megacz.com (org.ibex.mail.SMTP) with SMTP for ; Sat, 20 Jun 2009 10:37:28 -0700 Received: by gentzen.megacz.com (sSMTP sendmail emulation); Sat, 20 Jun 2009 10:37:28 -0700 From: Adam Megacz Newsgroups: gmane.comp.encryption.kerberos.general, gmane.comp.encryption.kerberos.devel Subject: Re: Reading kerberos-adm from DNS (PATCH) Organization: Myself References: <200703120511.AAA11265@quince.ifs.umich.edu> <1E393FB5-8557-4BBE-8896-5FCE67A6F41D@mit.edu> <62BB655E-AFB4-4C02-9B00-C6980E36D857@mit.edu> X-Home-Page: http://www.megacz.com/ Date: Sat, 20 Jun 2009 10:37:21 -0700 Message-ID: User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) Cancel-Lock: sha1:ISz8i45BR74SD9ytTRlg4FFh2UM= In-Reply-To: <62BB655E-AFB4-4C02-9B00-C6980E36D857@mit.edu> (Ken Raeburn's message of "Tue, 1 Apr 2008 13:33:20 -0400") MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Posted-To: gmane.comp.encryption.kerberos.general, gmane.comp.encryption.kerberos.devel X-Spam-Score: 1.58 X-Spam-Level: * (1.58) X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 X-Mailman-Approved-At: Sun, 21 Jun 2009 13:42:02 -0400 CC: krb5-bugs@mit.edu, krbdev@mit.edu, kerberos@mit.edu X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 3826 The following message is a courtesy copy of an article that has been posted to gmane.comp.encryption.kerberos.general,gmane.comp.encryption.kerberos.devel as well. It seems that this patch didn't wind up in the recent kerberos release. Do you think somebody could review it for inclusion soon, so that it has a chance of making it into the next release? If any changes need to be made, please let me know and I will make them. Thanks! - a Ken Raeburn writes: > Sure. :) > At first glance it looks good, but I want to have a closer look > before committing it (unless someone else gets to it first). Thanks > for sending it in! > > Adam Megacz writes: > > Hi, would it be possible for the Kerberos maintainers to consider the > > patch below for inclusion in the main libkadm5 distribution? > > > > - a > > > > Adam Megacz writes: > >> Ken Raeburn writes: > >>>> I believe the future has already arrived. Current MIT code should > >>>> be capable of finding and using records like this: > >>>> > >>>> spam% dig _kerberos-adm._tcp.umich.edu srv > >>> > >>> This is used for the password-changing service, but unfortunately the > >>> RPC code used for the kadmin program still looks up admin_server, and > >>> uses the first IP address found when looking up that hostname. No > >>> DNS, one hostname, one address, no service-location plugin support, > >>> no IPv6. These do need to be fixed.... > >> > >> This should help. > >> > >> - a > >> > >> > >> diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c > >> index bb87f88..48b1792 100644 > >> --- a/src/lib/kadm5/alt_prof.c > >> +++ b/src/lib/kadm5/alt_prof.c > >> @@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, kdcprofile, kdcenv, > >> params.admin_server = strdup(params_in->admin_server); > >> if (params.admin_server) > >> params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> - } else if (aprofile && > >> - !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { > >> - params.admin_server = svalue; > >> - params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + } else if (aprofile) { > >> + if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { > >> + params.admin_server = svalue; > >> + params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + } else { > >> + struct addrlist addrlist; > >> + int i; > >> + krb5_data drealm; > >> + drealm.data = (void*)params.realm; > >> + drealm.length = strlen(params.realm); > >> + if (!krb5int_locate_server(context, &drealm, &addrlist, 0, > >> + "admin_server", "_kerberos-adm", 1, > >> + DEFAULT_KPASSWD_PORT, 0, 0)) { > >> + for (i=0;i >> + struct addrinfo *a = addrlist.addrs[i]; > >> + if (a->ai_family == AF_INET) { > >> + params.admin_server = strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr)); > >> + params.kadmind_port = ntohs(sa2sin (a->ai_addr)->sin_port); > >> + params.mask |= KADM5_CONFIG_ADMIN_SERVER; > >> + params.mask |= KADM5_CONFIG_KADMIND_PORT; > >> + break; > >> + } > >> + } > >> + } > >> + } > >> } > >> if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { > >> char *p; > >> > >> ________________________________________________ > >> Kerberos mailing list Kerberos@mit.edu > >> https://mailman.mit.edu/mailman/listinfo/kerberos > >> > > > > -- > > > > ________________________________________________ > > Kerberos mailing list Kerberos@mit.edu > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > -- >