dovecot-1.1: gssapi: Make auth_krb5_keytab work by calling _regi...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Aug 5 00:33:16 EEST 2008
details: http://hg.dovecot.org/dovecot-1.1/rev/818a638fa9a3
changeset: 7810:818a638fa9a3
user: Timo Sirainen <tss at iki.fi>
date: Mon Aug 04 17:33:09 2008 -0400
description:
gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity()
instead of relying on KRB5_KTNAME environment to be picked up.
diffstat:
3 files changed, 30 insertions(+), 1 deletion(-)
configure.in | 7 +++++++
src/auth/mech-gssapi.c | 21 +++++++++++++++++++++
src/master/auth-process.c | 3 ++-
diffs (72 lines):
diff -r 33b67dcc6dae -r 818a638fa9a3 configure.in
--- a/configure.in Mon Aug 04 17:04:40 2008 -0400
+++ b/configure.in Mon Aug 04 17:33:09 2008 -0400
@@ -1768,6 +1768,13 @@ if test $want_gssapi != no; then
KRB5_LIBS="$KRB5_LIBS -lgss"
],, $KRB5_LIBS)
+ # MIT has a #define for Heimdal acceptor_identity, but it's way too
+ # difficult to test for it..
+ old_LIBS=$LIBS
+ LIBS="$LIBS $KRB5_LIBS"
+ AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity)
+ LIBS=$old_LIBS
+
if test x$want_gssapi_plugin != xyes; then
AUTH_LIBS="$AUTH_LIBS $KRB5_LIBS"
AUTH_CFLAGS="$AUTH_CFLAGS $KRB5_CFLAGS"
diff -r 33b67dcc6dae -r 818a638fa9a3 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c Mon Aug 04 17:04:40 2008 -0400
+++ b/src/auth/mech-gssapi.c Mon Aug 04 17:33:09 2008 -0400
@@ -71,6 +71,8 @@ struct gssapi_auth_request {
pool_t pool;
};
+static bool gssapi_initialized = FALSE;
+
static void auth_request_log_gss_error(struct auth_request *request,
OM_uint32 status_value, int status_type,
const char *description)
@@ -94,10 +96,29 @@ static void auth_request_log_gss_error(s
} while (message_context != 0);
}
+static void mech_gssapi_initialize(void)
+{
+ const char *path;
+
+ path = getenv("KRB5_KTNAME");
+ if (path != NULL) {
+#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+ gsskrb5_register_acceptor_identity(path);
+#elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+ krb5_gss_register_acceptor_identity(path);
+#endif
+ }
+}
+
static struct auth_request *mech_gssapi_auth_new(void)
{
struct gssapi_auth_request *request;
pool_t pool;
+
+ if (!gssapi_initialized) {
+ gssapi_initialized = TRUE;
+ mech_gssapi_initialize();
+ }
pool = pool_alloconly_create("gssapi_auth_request", 1024);
request = p_new(pool, struct gssapi_auth_request, 1);
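Review bot: The status returned by `gsskrb5_register_acceptor_identity(path)` and `krb5_gss_register_acceptor_identity(path)` in mech_gssapi_initialize() is discarded, so a keytab that cannot be registered fails silently. Presumably the library then falls back to whichever keytab it would pick by default, which may not be the one the administrator configured. Both calls return an OM_uint32 major status, so I would check it in each branch, e.g. `if (GSS_ERROR(gsskrb5_register_acceptor_identity(path))) i_error("gssapi: registering keytab %s failed", path);`. When neither HAVE_ macro is defined, the `if` body is empty and only the environment variable remains in effect; a one-line comment there saying so would help. mech_gssapi_auth_new() continues outside the hunk.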
diff -r 33b67dcc6dae -r 818a638fa9a3 src/master/auth-process.c
--- a/src/master/auth-process.c Mon Aug 04 17:04:40 2008 -0400
+++ b/src/master/auth-process.c Mon Aug 04 17:33:09 2008 -0400
@@ -488,7 +488,8 @@ static void auth_set_environment(struct
if (set->ntlm_use_winbind)
env_put("NTLM_USE_WINBIND=1");
if (*set->krb5_keytab != '\0') {
- /* Environment used by Kerberos 5 library directly */
+ /* Environment may be used by Kerberos 5 library directly,
+ although we also try to use it directly as well */
env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL));
}
if (*set->gssapi_hostname != '\0') {
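Review bot: The rewritten comment above the `env_put(t_strconcat("KRB5_KTNAME=", ...))` call says the variable is used "directly" twice without naming the second consumer, and "also ... as well" is redundant. I would name the reader so the coupling between the two files is visible: `/* The Kerberos 5 library may read KRB5_KTNAME itself; mech-gssapi.c also reads it to register the acceptor keytab */`. auth_set_environment() starts and ends outside the hunk.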