Ken Raeburn <[EMAIL PROTECTED]> writes:
>> I believe the future has already arrived.  Current MIT code should
>> be capable of finding and using records like this:
>>
>>      spam% dig _kerberos-adm._tcp.umich.edu srv
>
> This is used for the password-changing service, but unfortunately the  
> RPC code used for the kadmin program still looks up admin_server, and  
> uses the first IP address found when looking up that hostname.  No  
> DNS, one hostname, one address, no service-location plugin support,  
> no IPv6.  These do need to be fixed....

This should help.

  - a


diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index bb87f88..48b1792 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -416,10 +416,31 @@ krb5_error_code kadm5_get_config_params(context, 
kdcprofile, kdcenv,
         params.admin_server = strdup(params_in->admin_server);
         if (params.admin_server)
              params.mask |= KADM5_CONFIG_ADMIN_SERVER;
-    } else if (aprofile &&
-              !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
-        params.admin_server = svalue;
-        params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+    } else if (aprofile) {
+      if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+        params.admin_server = svalue;
+        params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+      } else {
+        struct addrlist addrlist;
+        int i;
+        krb5_data drealm;
+        drealm.data   = (void*)params.realm;
+        drealm.length = strlen(params.realm);
+       if (!krb5int_locate_server(context, &drealm, &addrlist, 0,
+                                   "admin_server", "_kerberos-adm", 1,
+                                   DEFAULT_KPASSWD_PORT, 0, 0)) {
+          for (i=0;i<addrlist.naddrs;i++ ) {
+            struct addrinfo *a = addrlist.addrs[i];
+            if (a->ai_family == AF_INET) {
+              params.admin_server  = 
strdup(inet_ntoa(sa2sin(a->ai_addr)->sin_addr));
+              params.kadmind_port  = ntohs(sa2sin (a->ai_addr)->sin_port);
+              params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+              params.mask |= KADM5_CONFIG_KADMIND_PORT;
+              break;
+            }
+          }
+        }
+      }
     }
     if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
         char *p;
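Review bot: The result of `strdup(inet_ntoa(...))` in the new `AF_INET` branch is stored in `params.admin_server` without a NULL check, yet `KADM5_CONFIG_ADMIN_SERVER` is set unconditionally. The `params_in` branch at the top of the hunk guards the same assignment with `if (params.admin_server)`. On allocation failure the following `if (params.mask & KADM5_CONFIG_ADMIN_SERVER)` block, whose body lies outside the hunk, would run with a NULL pointer, so both mask bits and `kadmind_port` should be set only under `if (params.admin_server)`. `addrlist` is declared uninitialized and is not released on any path after `krb5int_locate_server()` succeeds, so each call appears to leak the resolved addresses; free it after the loop with the matching helper, e.g. `krb5int_free_addrlist(&addrlist);` if that is what this tree provides. The fallback port passed is `DEFAULT_KPASSWD_PORT`, which looks wrong for kadmind when a located entry carries no port, and since the address now comes from an unauthenticated DNS SRV answer, add a comment such as `/* DNS result is only a location hint; the server is authenticated by the kadmin protocol, not by this lookup */`.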
