OpenAFS Master Repository branch, openafs-stable-1_4_x, updated. openafs-stable-1_4_14_1-156-g30922c5

Gerrit Code Review gerrit@openafs.org
Wed, 24 Jul 2013 08:30:34 -0700 (PDT)


The following commit has been merged in the openafs-stable-1_4_x branch:
commit e3311e0849fdbd4fcd4c400a923840abe384f6ea
Author: Ben Kaduk <kaduk@mit.edu>
Date:   Tue May 14 19:42:05 2013 -0400

    Clean up akimpersonate and use for server-to-server
    
    Since a6d7cacfd, aklog has been able to print a krb5 ticket to
    itself for an arbitrary client principal, allowing a user with
    access to the cell's krb5 key to get tokens as an arbitrary user.
    
    Now that it is possible to use native krb5 tickets with non-DES
    enctypes for authentication, and akimpersonate is available from libauth,
    use printed native krb5 tickets for server-to-server communication (as well
    as the -localauth versions of the client utilities).
    
    Before doing so, refactor the akimpersonate code to be more usable
    and readable, and eliminate some dead code.  For example, we always printed
    addressless tickets, so that code could be removed.  Other code had excessive
    stack usage for a library routine, which is eliminated.  Use a start time
    of 0 instead of 300 so that the printed ticket will always be
    detected as infinite-lifetime.
    
    In order to ensure usability on all platforms (in particular Solaris),
    provide a couple more compat shims to implement routines which are not
    always available from the krb5 library, in particular encode_krb5_ticket
    and encode_krb5_enc_tkt_part.  Thanks to Andrew Deason for implementing
    these compatibility routines.
    
    UKERNEL doesn't need this stuff.
    
    akimpersonate: Handle missing encode_krb5_ticket
    
    If we don't have encode_krb5_ticket and encode_krb5_enc_tkt_part,
    implement our own. Basically, transform the appropriate structure into
    the Heimdal equivalent, and use our builtin Heimdal ASN.1 encoding
    functions to do the actual encoding for us.

 src/aklog/aklog_main.c          |    9 +-
 src/auth/Makefile.in            |    9 +-
 src/auth/akimpersonate.c        |  830 +++++++++++++++++++++++++++------------
 src/auth/akimpersonate_v5gen.c  |  176 +++++++++
 src/auth/akimpersonate_v5gen.h  |   30 ++
 src/auth/authcon.c              |   85 ++++-
 src/libafsauthent/Makefile.in   |    5 +-
 src/shlibafsauthent/Makefile.in |    5 +-
 8 files changed, 891 insertions(+), 258 deletions(-)

-- 
OpenAFS Master Repository