changeset 8068:9569038e0816 HEAD

gssapi: Make auth_krb5_keytab work by calling _register_acceptor_identity() instead of relying on KRB5_KTNAME environment to be picked up.
author Timo Sirainen <tss@iki.fi>
date Mon, 04 Aug 2008 17:33:09 -0400
parents 6319603ffa70
children 6396a64b0fcb
files configure.in src/auth/mech-gssapi.c src/master/auth-process.c
diffstat 3 files changed, 30 insertions(+), 1 deletions(-) [+]
--- a/configure.in	Mon Aug 04 17:04:40 2008 -0400
+++ b/configure.in	Mon Aug 04 17:33:09 2008 -0400
@@ -1782,6 +1782,13 @@
 					KRB5_LIBS="$KRB5_LIBS -lgss"
 				],, $KRB5_LIBS)
 
+				# MIT has a #define for Heimdal acceptor_identity, but it's way too
+				# difficult to test for it..
+				old_LIBS=$LIBS
+				LIBS="$LIBS $KRB5_LIBS"
+				AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity)
+				LIBS=$old_LIBS
+
 				if test x$want_gssapi_plugin != xyes; then
 				  AUTH_LIBS="$AUTH_LIBS $KRB5_LIBS"
 				  AUTH_CFLAGS="$AUTH_CFLAGS $KRB5_CFLAGS"
--- a/src/auth/mech-gssapi.c	Mon Aug 04 17:04:40 2008 -0400
+++ b/src/auth/mech-gssapi.c	Mon Aug 04 17:33:09 2008 -0400
@@ -71,6 +71,8 @@
 	pool_t pool;
 };
 
+static bool gssapi_initialized = FALSE;
+
 static void auth_request_log_gss_error(struct auth_request *request,
 				       OM_uint32 status_value, int status_type,
 				       const char *description)
@@ -94,11 +96,30 @@
 	} while (message_context != 0);
 }
 
+static void mech_gssapi_initialize(void)
+{
+	const char *path;
+
+	path = getenv("KRB5_KTNAME");
+	if (path != NULL) {
+#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
+		gsskrb5_register_acceptor_identity(path);
+#elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
+		krb5_gss_register_acceptor_identity(path);
+#endif
+	}
+}
+
 static struct auth_request *mech_gssapi_auth_new(void)
 {
 	struct gssapi_auth_request *request;
 	pool_t pool;
 
+	if (!gssapi_initialized) {
+		gssapi_initialized = TRUE;
+		mech_gssapi_initialize();
+	}
+
 	pool = pool_alloconly_create("gssapi_auth_request", 1024);
 	request = p_new(pool, struct gssapi_auth_request, 1);
 	request->pool = pool;
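Review bot: The status returned by `gsskrb5_register_acceptor_identity()` / `krb5_gss_register_acceptor_identity()` in mech_gssapi_initialize() is discarded, so a keytab path that fails to register is never reported. Presumably the library then falls back to its default keytab, which means the daemon may accept tickets with a different key set than the one the administrator configured in auth_krb5_keytab. Because `gssapi_initialized` is set before the call, the registration is also never retried. Capturing the major status and logging on `GSS_ERROR()` would make the failure visible; `i_error()` is assumed to be in scope here as in the rest of the auth code. When neither HAVE_ macro is defined, the function silently does nothing, which deserves a short comment. mech_gssapi_auth_new() continues past the end of the hunk.

```c
static void mech_gssapi_initialize(void)
{
	const char *path;
	OM_uint32 major_status = GSS_S_COMPLETE;

	path = getenv("KRB5_KTNAME");
	if (path != NULL) {
#ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
		major_status = gsskrb5_register_acceptor_identity(path);
#elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
		major_status = krb5_gss_register_acceptor_identity(path);
#endif
		/* neither function available: only the environment is used */
		if (GSS_ERROR(major_status))
			i_error("gssapi: registering acceptor keytab %s failed", path);
	}
}
```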
--- a/src/master/auth-process.c	Mon Aug 04 17:04:40 2008 -0400
+++ b/src/master/auth-process.c	Mon Aug 04 17:33:09 2008 -0400
@@ -488,7 +488,8 @@
 	if (set->ntlm_use_winbind)
 		env_put("NTLM_USE_WINBIND=1");
 	if (*set->krb5_keytab != '\0') {
-		/* Environment used by Kerberos 5 library directly */
+		/* Environment may be used by Kerberos 5 library directly,
+		   although we also try to use it directly as well */
 		env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL));
 	}
 	if (*set->gssapi_hostname != '\0') {
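Review bot: The rewritten comment above the `env_put()` call says "directly" twice and does not name who the second reader of the variable is, so it is hard to tell which path is authoritative. Something like `/* Exported for the Kerberos 5 library; the GSSAPI mechanism also reads KRB5_KTNAME and registers the keytab explicitly */` would state both consumers. The enclosing function starts and ends outside this hunk.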