Dear all,
I would like to propose a patch that activates
the configuration stanza "server-realm", i.e.,
what MIT Kerberos and Heimdal call "domain_realm".
The submitted patch works very well in Gnu Inetutils
for the TELNET client and the r-commands.
Looking at MIT Kerberos or Heimdal, it is incorrect
to use the notion "regex". Instead I suggest "pattern".
The reason is that
[domain_realm]
localhost = LOCALHOST
.ex.org = EX.ORG
is only allowing exact host names, or trailing domain
strings. In fact, the above two stanzas would only match
"localhost" and "*.ex.org", where the asterisk matches
essentially only an alphanumeric string.
My patch deviates from this, in shishi_realm_for_server_file(),
insofar as allowing ".ex.org" to be a domain name tail, i.e.,
it matches "*.ex.org", "*.*.ex.org", etcetera. It is a simple
matter to remove this extra freedom.
There is also a vital change in shishi_cfg() that reads
realm = xstrdup (value);
ri = _shishi_realminfo_new (handle, realm);
Without these two the present code produces a segfault in
shishi_done(), since it would free "value" in statically
allocated memory.
Best regards,
Mats Erik Andersson
>From 3ad99d3e67b6fc2e1c5615b8ca0435cf8b05bae8 Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <[email protected]>
Date: Mon, 20 Aug 2012 15:18:44 +0200
Subject: [PATCH] libshishi: Activate server-realm setting.
Activate the configuration stanza `server-realm'
and implement shishi_realm_for_server_file().
---
lib/cfg.c | 19 +++++++++++++------
lib/init.c | 5 ++++-
lib/realm.c | 29 +++++++++++++++++++++++++++++
shishi.conf.in | 7 +++++--
4 files changed, 51 insertions(+), 9 deletions(-)
diff --git a/lib/cfg.c b/lib/cfg.c
index a0e39b3..edd67d5 100644
--- a/lib/cfg.c
+++ b/lib/cfg.c
@@ -118,7 +118,7 @@ shishi_cfg (Shishi * handle, const char *option)
char *p = opt;
char *value;
char *realm = NULL;
- int res;
+ int res, server_realm = 0;
size_t i;
while (p != NULL && *p != '\0')
@@ -214,11 +214,10 @@ shishi_cfg (Shishi * handle, const char *option)
case SERVER_REALM_OPTION:
{
struct Shishi_realminfo *ri;
- ri = _shishi_realminfo_new (handle, value);
- ri->serverwildcards = xrealloc (ri->serverwildcards,
- ++ri->nserverwildcards *
- sizeof (*ri->serverwildcards));
- ri->serverwildcards[ri->nserverwildcards - 1] = xstrdup (value);
+
+ server_realm = 1;
+ realm = xstrdup (value);
+ ri = _shishi_realminfo_new (handle, realm);
}
break;
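Review bot: In the SERVER_REALM_OPTION block the local `ri` is now assigned and never read, because the pattern collection moved to the later hunk; the two statements can become `realm = xstrdup (value);` and `_shishi_realminfo_new (handle, realm);` with the declaration dropped. The ownership of the copy deserves a comment, for example `/* realm is handed to the realminfo entry; its name is freed in shishi_done(). */`. _shishi_realminfo_new() is not shown on this page, so it should be confirmed that it stores `realm` in every path; if it can return an already existing entry, the fresh copy would never be freed.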
@@ -282,6 +281,14 @@ shishi_cfg (Shishi * handle, const char *option)
char *protstr;
int transport = UDP;
+ if (server_realm) /* Collect server pattern. */
+ {
+ ri->serverwildcards = xrealloc (ri->serverwildcards,
+ ++ri->nserverwildcards *
+ sizeof (*ri->serverwildcards));
+ ri->serverwildcards[ri->nserverwildcards - 1] = xstrdup (value);
+ break;
+ }
if ((protstr = strchr (value, '/')))
{
*protstr = '\0';
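Review bot: The `if (server_realm)` test added at the top of this block stays true for the rest of the shishi_cfg() call, because the flag is set in the SERVER_REALM_OPTION case and no line of the patch clears it. If a `kdc-realm` option follows a `server-realm` option in the same option string, its KDC addresses would be appended to `serverwildcards` as host patterns instead of being parsed as addresses. Clearing the flag where the KDC realm is selected, `server_realm = 0;` in that case (outside this hunk), keeps the two lists apart. The enclosing loop and the declaration of the `ri` used here both start outside the hunk.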
diff --git a/lib/init.c b/lib/init.c
index 7fb349c..8c61001 100644
--- a/lib/init.c
+++ b/lib/init.c
@@ -175,7 +175,7 @@ shishi_done (Shishi * handle)
if (handle->realminfos)
{
- size_t i;
+ size_t i, j;
for (i = 0; i < handle->nrealminfos; i++)
{
@@ -183,6 +183,9 @@ shishi_done (Shishi * handle)
free (handle->realminfos[i].kdcaddresses);
free (handle->realminfos[i].name);
+
+ for (j = 0; j < handle->realminfos[i].nserverwildcards; j++)
+ free (handle->realminfos[i].serverwildcards[j]);
}
}
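Review bot: The added loop frees each pattern string but not the `serverwildcards` array itself, which shishi_cfg() grows with xrealloc(), so the array is leaked once per realm unless it is released in lines outside this hunk. Add `free (handle->realminfos[i].serverwildcards);` after the loop, next to the existing `free (handle->realminfos[i].kdcaddresses);`.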
diff --git a/lib/realm.c b/lib/realm.c
index b17010d..1b7c005 100644
--- a/lib/realm.c
+++ b/lib/realm.c
@@ -111,6 +111,35 @@ shishi_realm_default_set (Shishi * handle, const char *realm)
char *
shishi_realm_for_server_file (Shishi * handle, char *server)
{
+ struct Shishi_realminfo *ri;
+ size_t i, j;
+ char *p;
+
+ for (i = 0; i < handle->nrealminfos; i++)
+ {
+ ri = &handle->realminfos[i];
+
+ if (!ri->nserverwildcards)
+ continue;
+
+ for (j = 0; j < ri->nserverwildcards; j++)
+ {
+ /* Exact server name match. */
+ if (strcmp (server, ri->serverwildcards[j]) == 0)
+ return ri->name;
+
+ /* Is this a tail pattern? */
+ if (*(ri->serverwildcards[j]) != '.')
+ continue;
+
+ /* Domain part matching. */
+ p = server;
+ while (p = strchr (p, '.'))
+ if (strcmp (p++, ri->serverwildcards[j]) == 0)
+ return ri->name;
+ }
+ }
+
return NULL;
}
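Review bot: Both comparisons in shishi_realm_for_server_file() use `strcmp`, so the host-to-realm mapping is case-sensitive although DNS host names are not; a server given as `Host.EX.ORG` would miss the `.ex.org` pattern and the function would return NULL for it (what the caller does then is outside this hunk). Consider `strcasecmp (server, ri->serverwildcards[j])` and `strcasecmp (p++, ri->serverwildcards[j])`, or lower-casing both sides when the pattern is stored. The loop condition reads more clearly, and avoids an assignment-in-condition warning, as `while ((p = strchr (p, '.')) != NULL)`. A comment should also state that the returned `ri->name` is owned by the handle and must not be freed by the caller, and that `server` must not be NULL since it is passed to `strcmp` unchecked.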
diff --git a/shishi.conf.in b/shishi.conf.in
index 98db22b..2d2c285 100644
--- a/shishi.conf.in
+++ b/shishi.conf.in
@@ -70,8 +70,11 @@
# Specify realm for servers.
# Value is REALM,SERVERREGEXP[,SERVERREGEXP...]
-# SERVERREGEXP is a regular expression matching servers in the realm.
-# The first match is used.
+# SERVERREGEXP is a pattern used to establish membership in the
+# given realm. The pattern is either the exact name of a server,
+# or a trailing domain part expected in a qualified server name,
+# whenever the pattern commences with a period. The first match
+# found will be used in library calls.
#server-realm=JOSEFSSON.ORG,.josefsson.org
# How long shishi waits for a response from a KDC before continuing
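Review bot: The syntax line still reads `REALM,SERVERREGEXP[,SERVERREGEXP...]` and the new sentence opens with `SERVERREGEXP`, although the text now says these are patterns and not regular expressions; renaming the placeholder to `SERVERPATTERN` in both places would keep the comment consistent. The comment could also state that a pattern starting with a period matches at any depth (`.ex.org` also covers `a.b.ex.org`), as lib/realm.c implements it, and that the comparison is case-sensitive, so an administrator can predict which realm a host maps to.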
--
1.7.2.5