diff options
| author | Sumit Bose <sbose@redhat.com> | 2009-08-24 15:17:37 +0200 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2009-08-24 11:03:22 -0400 |
| commit | ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8 (patch) | |
| tree | dcea6a6071220dda84ee0e6abc6479780c9ce41d /server/providers/krb5 | |
| parent | 7bc48f82f587b148b821e34f57c1414e82a18276 (diff) | |
| download | sssd-ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8.tar.gz sssd-ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8.tar.bz2 sssd-ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8.zip | |
some UPN handling fixes
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
Diffstat (limited to 'server/providers/krb5')
| -rw-r--r-- | server/providers/krb5/krb5_auth.c | 34 | ||||
| -rw-r--r-- | server/providers/krb5/krb5_auth.h | 1 |
2 files changed, 12 insertions, 23 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 45bbe4cb..39bc1706 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -31,7 +31,6 @@ #include <unistd.h> #include <fcntl.h> #include <pwd.h> -#include <ctype.h> #include <security/pam_modules.h> @@ -41,25 +40,6 @@ #include "krb5_plugin/sssd_krb5_locator_plugin.h" #include "providers/krb5/krb5_auth.h" -#define REALM_SEPARATOR '@' - -static void make_realm_upper_case(const char *upn) -{ - char *c; - - c = strchr(upn, REALM_SEPARATOR); - if (c == NULL) { - DEBUG(9, ("No realm delimiter found in upn [%s].\n", upn)); - return; - } - - while(*(++c) != '\0') { - c[0] = toupper(*c); - } - - return; -} - static void fd_nonblocking(int fd) { int flags; @@ -452,11 +432,15 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res) case 1: upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL); - if (upn == NULL) { + if (upn == NULL && krb5_ctx->try_simple_upn) { /* NOTE: this is a hack, works only in some environments */ if (krb5_ctx->realm != NULL) { upn = talloc_asprintf(be_req, "%s@%s", pd->user, krb5_ctx->realm); + if (upn == NULL) { + DEBUG(1, ("failed to build simple upn.\n")); + } + DEBUG(9, ("Using simple UPN [%s].\n", upn)); } } break; @@ -472,8 +456,6 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res) goto failed; } - make_realm_upper_case(upn); - ret = krb5_setup(be_req, upn, &kr); if (ret != EOK) { DEBUG(1, ("krb5_setup failed.\n")); @@ -612,6 +594,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, struct bet_ops **ops, { struct krb5_ctx *ctx = NULL; char *value = NULL; + bool bool_value; int ret; struct tevent_signal *sige; @@ -651,6 +634,11 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, struct bet_ops **ops, } ctx->realm = value; + ret = confdb_get_bool(bectx->cdb, ctx, bectx->conf_path, + "krb5try_simple_upn", false, &bool_value); + if (ret != EOK) goto fail; + ctx->try_simple_upn = bool_value; + /* TODO: set options */ sige = tevent_add_signal(bectx->ev, ctx, SIGCHLD, SA_SIGINFO, diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h index d1c5c7c8..540f65fa 100644 --- a/server/providers/krb5/krb5_auth.h +++ b/server/providers/krb5/krb5_auth.h @@ -61,6 +61,7 @@ struct krb5_ctx { char *kdcip; char *realm; + bool try_simple_upn; }; struct krb5_req { |