Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 149336 Details for
Bug 231137
[PATCH]: use instance-less AFS service tickets
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch to add "nullafs" option, "-n" for afs5log
pam_krb5-nullafs.patch (text/plain), 6.44 KB, created by
Jan Iven
on 2007-03-06 14:24:59 UTC
(
hide
)
Description:
patch to add "nullafs" option, "-n" for afs5log
Filename:
MIME Type:
Creator:
Jan Iven
Created:
2007-03-06 14:24:59 UTC
Size:
6.44 KB
patch
obsolete
>New private option "nullafs": >Don't bother with afs/example.cell@EXAMPLE.COM, use >afs@EXAMPLE.COM directly. Again saves a few meaningless requests on the KDC. > > >diff -r -U 2 src.orig/minikafs.c src/minikafs.c >--- src.orig/minikafs.c 2006-03-29 23:02:08.000000000 +0200 >+++ src/minikafs.c 2006-10-20 17:17:02.000000000 +0200 >@@ -861,17 +861,19 @@ > > for (i = 0; (ret != 0) && (i < sizeof(base) / sizeof(base[0])); i++) { >- /* Try the cell instance in the cell's realm. */ >- snprintf(principal, principal_size, "%s/%s@%s", >+ if (! options->nullafs ) { >+ /* Try the cell instance in the cell's realm. */ >+ snprintf(principal, principal_size, "%s/%s@%s", > base[i], cell, realm); >- if (options->debug) { >+ if (options->debug) { > debug("attempting to obtain tokens for \"%s\" (\"%s\")", > cell, principal); >- } >- ret = minikafs_5log_with_principal(ctx, options, use_ccache, >+ } >+ ret = minikafs_5log_with_principal(ctx, options, use_ccache, > cell, principal, uid, > try_v5_2b); >- if (ret == 0) { >+ if (ret == 0) { > break; >- } >+ } >+ } > /* If the realm name and cell name are similar, try the NULL > instance. */ >@@ -894,18 +896,20 @@ > if ((defaultrealm != NULL) && > (strcmp(defaultrealm, realm) != 0)) { >- /* Try the cell instance in the default realm. */ >- snprintf(principal, principal_size, "%s/%s@%s", >+ if (! options->nullafs) { >+ /* Try the cell instance in the default realm. */ >+ snprintf(principal, principal_size, "%s/%s@%s", > base[i], cell, defaultrealm); >- if (options->debug) { >+ if (options->debug) { > debug("attempting to obtain tokens for \"%s\" " > "(\"%s\")", cell, principal); >- } >- ret = minikafs_5log_with_principal(ctx, options, >+ } >+ ret = minikafs_5log_with_principal(ctx, options, > use_ccache, > cell, principal, uid, > try_v5_2b); >- if (ret == 0) { >+ if (ret == 0) { > break; >- } >+ } >+ } > /* If the default realm name and cell name are similar, > * try the NULL instance. */ >@@ -1074,16 +1078,18 @@ > ret = -1; > for (i = 0; i < sizeof(base) / sizeof(base[0]); i++) { >- /* Try the cell instance in its own realm. */ >- if (options->debug) { >+ if (! options->nullafs) { >+ /* Try the cell instance in its own realm. */ >+ if (options->debug) { > debug("attempting to obtain tokens for \"%s\" " >- "(\"%s%s%s@%s\")", cell, base[i], >+ "(\"%s%s%s@%s\"), v4", cell, base[i], > (strlen(wcell) > 0) ? "." : "", > wcell, realm); >- } >- ret = minikafs_4log_with_principal(options, cell, >+ } >+ ret = minikafs_4log_with_principal(options, cell, > base[i], wcell, realm, uid); >- if (ret == 0) { >+ if (ret == 0) { > break; >- } >+ } >+ } > /* If the realm name and cell name are similar, try the NULL > instance. */ >@@ -1091,5 +1097,5 @@ > if (options->debug) { > debug("attempting to obtain tokens for \"%s\" " >- "(\"%s@%s\")", cell, base[i], realm); >+ "(\"%s@%s\"), v4", cell, base[i], realm); > } > ret = minikafs_4log_with_principal(options, cell, >@@ -1102,17 +1108,19 @@ > /* Repeat with the local realm. */ > if (strcmp(realm, localrealm) != 0) { >- /* Try the cell instance in its own realm. */ >- if (options->debug) { >+ if (! options->nullafs) { >+ /* Try the cell instance in its own realm. */ >+ if (options->debug) { > debug("attempting to obtain tokens for \"%s\" " >- "(\"%s%s%s@%s\")", cell, base[i], >+ "(\"%s%s%s@%s\"), v4", cell, base[i], > (strlen(wcell) > 0) ? "." : "", > wcell, localrealm); >- } >- ret = minikafs_4log_with_principal(options, cell, >+ } >+ ret = minikafs_4log_with_principal(options, cell, > base[i], wcell, > localrealm, uid); >- if (ret == 0) { >+ if (ret == 0) { > break; >- } >+ } >+ } > /* If the realm name and cell name are similar, try the > * NULL instance. */ >@@ -1120,5 +1128,5 @@ > if (options->debug) { > debug("attempting to obtain tokens for " >- "\"%s\" (\"%s@%s\")", >+ "\"%s\" (\"%s@%s\"), v4", > cell, base[i], localrealm); > } >diff -r -U 2 src.orig/options.c src/options.c >--- src.orig/options.c 2006-02-06 23:57:57.000000000 +0100 >+++ src/options.c 2006-10-20 17:22:26.000000000 +0200 >@@ -393,4 +393,14 @@ > > /* private option */ >+ options->nullafs = option_b(pamh, argc, argv, >+ ctx, options->realm, "nullafs"); >+ if (options->nullafs == -1) { >+ options->nullafs = 0; >+ } >+ if (options->debug && options->nullafs) { >+ debug("flag: nullafs"); >+ } >+ >+ /* private option */ > options->v4 = option_b(pamh, argc, argv, > ctx, options->realm, "krb4_convert"); >diff -r -U 2 src.orig/options.h src/options.h >--- src.orig/options.h 2006-02-06 23:57:57.000000000 +0100 >+++ src/options.h 2006-10-20 17:17:44.000000000 +0200 >@@ -51,4 +51,5 @@ > int use_second_pass; > int use_shmem; >+ int nullafs; > int validate; > int v4; >diff -r -U 2 src.orig/pam_krb5.8.in src/pam_krb5.8.in >--- src.orig/pam_krb5.8.in 2006-02-07 00:12:07.000000000 +0100 >+++ src/pam_krb5.8.in 2006-10-20 17:20:29.000000000 +0200 >@@ -179,4 +179,8 @@ > less-easy-to-guess passwords. > >+.IP nullafs >+tells pam_krb5.so to not bother trying to get fully-instanced AFS service tickets >+of the form "afs/example.cell@EXAMPLE.COM", and go straight for "afs@EXAMPLE.COM". >+ > .IP use_shmem > .IP use_shmem=\fIsshd\fR > >--- src.orig/afs5log.c 2006-02-21 23:39:23.000000000 +0100 >+++ src/afs5log.c 2007-03-02 17:43:26.000000000 +0100 >@@ -124,6 +124,9 @@ > case '5': > try_v5_2b = !try_v5_2b; > break; >+ case 'n': >+ log_options.nullafs = 1; >+ break; > case 'v': > break; > case 'p': >@@ -149,7 +152,7 @@ > } > break; > default: >- printf("%s: [ [-v] [-5] [-p path] " >+ printf("%s: [ [-v] [-5] [-n] [-p path] " > "[cell[=principal]] ] [...]\n", argv[0]); > krb5_free_context(ctx); > exit(0); > >--- src.orig/afs5log.1 2007-03-02 17:44:34.000000000 +0100 >+++ src/afs5log.1 2007-03-02 17:46:52.000000000 +0100 >@@ -27,6 +27,9 @@ > -5 > Skip attempts to use Kerberos IV and just use \fI2b\fP-style tokens, which are > only supported by OpenAFS 1.2.8 and later. >+.TP >+-n >+Directly go for instance-less tokens (afs@REALM instead of afs/realm@REALM). Default is to try afs/real@REALM first and fall back to afs@REALM. > > .SH "SEE ALSO" > .BR pam_krb5 (5)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=149336">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 231137
: 149336