Mercurial > dovecot > original-hg > dovecot-1.2
changeset 8068:9569038e0816 HEAD
gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity()
instead of relying on KRB5_KTNAME environment to be picked up.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 04 Aug 2008 17:33:09 -0400 |
parents | 6319603ffa70 |
children | 6396a64b0fcb |
files | configure.in src/auth/mech-gssapi.c src/master/auth-process.c |
diffstat | 3 files changed, 30 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/configure.in Mon Aug 04 17:04:40 2008 -0400 +++ b/configure.in Mon Aug 04 17:33:09 2008 -0400 @@ -1782,6 +1782,13 @@ KRB5_LIBS="$KRB5_LIBS -lgss" ],, $KRB5_LIBS) + # MIT has a #define for Heimdal acceptor_identity, but it's way too + # difficult to test for it.. + old_LIBS=$LIBS + LIBS="$LIBS $KRB5_LIBS" + AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity) + LIBS=$old_LIBS + if test x$want_gssapi_plugin != xyes; then AUTH_LIBS="$AUTH_LIBS $KRB5_LIBS" AUTH_CFLAGS="$AUTH_CFLAGS $KRB5_CFLAGS"
--- a/src/auth/mech-gssapi.c Mon Aug 04 17:04:40 2008 -0400 +++ b/src/auth/mech-gssapi.c Mon Aug 04 17:33:09 2008 -0400 @@ -71,6 +71,8 @@ pool_t pool; }; +static bool gssapi_initialized = FALSE; + static void auth_request_log_gss_error(struct auth_request *request, OM_uint32 status_value, int status_type, const char *description) @@ -94,11 +96,30 @@ } while (message_context != 0); } +static void mech_gssapi_initialize(void) +{ + const char *path; + + path = getenv("KRB5_KTNAME"); + if (path != NULL) { +#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY + gsskrb5_register_acceptor_identity(path); +#elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY) + krb5_gss_register_acceptor_identity(path); +#endif + } +} + static struct auth_request *mech_gssapi_auth_new(void) { struct gssapi_auth_request *request; pool_t pool; + if (!gssapi_initialized) { + gssapi_initialized = TRUE; + mech_gssapi_initialize(); + } + pool = pool_alloconly_create("gssapi_auth_request", 1024); request = p_new(pool, struct gssapi_auth_request, 1); request->pool = pool;
--- a/src/master/auth-process.c Mon Aug 04 17:04:40 2008 -0400 +++ b/src/master/auth-process.c Mon Aug 04 17:33:09 2008 -0400 @@ -488,7 +488,8 @@ if (set->ntlm_use_winbind) env_put("NTLM_USE_WINBIND=1"); if (*set->krb5_keytab != '\0') { - /* Environment used by Kerberos 5 library directly */ + /* Environment may be used by Kerberos 5 library directly, + although we also try to use it directly as well */ env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL)); } if (*set->gssapi_hostname != '\0') {