krb5_425_conv_principal_ext

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3151 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
1997-08-25 23:18:30 +00:00
parent 17472b4c07
commit b613d37d0f

@@ -5,6 +5,7 @@
.Os HEIMDAL .Os HEIMDAL
.Sh NAME .Sh NAME
.Nm krb5_425_conv_principal , .Nm krb5_425_conv_principal ,
.Nm krb5_425_conv_principal_ext ,
.Nm krb5_524_conv_principal .Nm krb5_524_conv_principal
.Nd Converts to and from version 4 principals .Nd Converts to and from version 4 principals
@@ -12,7 +13,10 @@
.Fd #include <krb5.h> .Fd #include <krb5.h>
.Ft krb5_error_code .Ft krb5_error_code
.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *princ" .Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
.Ft krb5_error_code
.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
.Ft krb5_error_code .Ft krb5_error_code
.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm" .Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
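Review bot: In the new krb5_425_conv_principal_ext prototype, the callback is declared as "krb5_boolean (*func)(krb5_context, krb5_principal)" with no caller-supplied data argument, so a checker that needs state beyond the context has to reach it through globals. Consider adding a void * argument that is passed through to func unchanged.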
@@ -31,37 +35,48 @@ question, while the instance of a version 4 principal will only
contain the first component. Because of these problems the conversion contain the first component. Because of these problems the conversion
between principals will have to be site customized. between principals will have to be site customized.
.Pp .Pp
.Fn krb5_425_conv_principal .Fn krb5_425_conv_principal_ext
will try to convert a version 4 principal, given by will try to convert a version 4 principal, given by
.Fa name , .Fa name ,
.Fa instance , .Fa instance ,
and and
.Fa realm , .Fa realm ,
to a version 5 principal. To do this it will look up the name in to a version 5 principal. This can result in several possible
principals, and if
.Fa func
is non-NULL, it will be called for each candidate principal.
.Fa func
should return true if the principal was
.Dq good .
To accomplish this,
.Fn krb5_425_conv_principal_ext
will look up the name in
.Pa krb5.conf . .Pa krb5.conf .
It first looks in the It first looks in the
.Li v4_name_convert/host .Li v4_name_convert/host
binding, which should contain a list of version 4 names whose instance subsection, which should contain a list of version 4 names whose
should be treated as a hostname. This list can be specified for each instance should be treated as a hostname. This list can be specified
realm (in the for each realm (in the
.Li realms .Li realms
section), or in the section), or in the
.Li libdefaults .Li libdefaults
section. If the name is found the first component of the principal section. If the name is found the resulting name of the principal
will be value of this binding. The instance is then first looked up in will be the value of this binding. The instance is then first looked
up in
.Li v4_instance_convert .Li v4_instance_convert
for the specified realm. If found the resulting value will be used as for the specified realm. If found the resulting value will be used as
instance (this can be used for special cases). If not found you can instance (this can be used for special cases), no further attempts
optionally have the instance looked up (with will be made to find a conversion if this fails (with
.Fn gethostbyname ) . .Fa func ) .
This is a time consuming, error prone, and unsafe operation, and it is If the
not turned on by default. You can turn on this feature by setting .Fa resolve
.Li v4_instance_resolve parameter is true, the instance will be looked up with
to true in the .Fn gethostbyname .
.Li libdefaults This can be a time consuming, error prone, and unsafe operation. Next
section. As a final fallback you can, for each realm, include a a list of hostnames will be created from the instance and the
.Li default_realm .Li v4_domains
that will be appended to the instance without further checks. variable, which should contain a list of possible domains for the
specific realm.
.Pp .Pp
On the other hand, if the name is not found in a On the other hand, if the name is not found in a
.Li host .Li host
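Review bot: The new text says func is called for each candidate and should return true for a good principal, but it never says what krb5_425_conv_principal_ext returns when func rejects every candidate, or which candidate is picked when func is NULL. The sentence "no further attempts will be made to find a conversion if this fails (with .Fa func ) ." is also hard to parse; if the intent is that a v4_instance_convert match is final even when func rejects it, say so in a sentence of its own. Since resolve makes gethostbyname results feed into principal names, keeping the old wording "This is a time consuming, error prone, and unsafe operation" instead of "This can be" would retain the warning at full strength.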
@@ -70,6 +85,20 @@ section, it is looked up in a
binding. If found here the name will be converted, but the instance binding. If found here the name will be converted, but the instance
will be untouched. will be untouched.
.Pp .Pp
.Fn krb5_425_conv_principal
will call
.Fn krb5_425_conv_principal_ext
with
.Dv NULL
as
.Fa func ,
and the value of
.Li v4_instance_resolve
(from the
.Li libdefaults
section) as
.Fa resolve .
.Pp
.Fn krb5_524_conv_principal .Fn krb5_524_conv_principal
basically does the opposite of basically does the opposite of
.Fn krb5_425_conv_principal , .Fn krb5_425_conv_principal ,
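Review bot: This added paragraph is now the only place that mentions v4_instance_resolve, and it does not give the default; the previous hunk removed "it is not turned on by default" along with the instruction to set it to true in libdefaults. Add a sentence here stating the default and how to enable it, so readers can tell whether krb5_425_conv_principal performs hostname lookups out of the box.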
@@ -117,7 +146,7 @@ file that covers this case might look like:
v4_instance_convert = { v4_instance_convert = {
foo = foo.com foo = foo.com
} }
default_domain = foo.com v4_domains = foo.com
} }
.Ed .Ed
.Pp .Pp
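Review bot: The example replaces "default_domain = foo.com" with "v4_domains = foo.com", but the description calls v4_domains a list of possible domains and the example shows a single value, so the list syntax is left undocumented. The page also does not say whether existing krb5.conf files that set default_domain keep working; state that, or note that the key has to be renamed.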
@@ -137,7 +166,7 @@ other.a-host \(-> other/a-host
.Ed .Ed
.Pp .Pp
The first three are what you expect. If you remove the The first three are what you expect. If you remove the
.Dq default_domain , .Dq v4_domains ,
the fourth entry will result in an error (since the host the fourth entry will result in an error (since the host
.Dq other .Dq other
can't be found). Even if can't be found). Even if