summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-01-05 21:16:05 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-07 15:45:07 +0100
commit399518984f37bd67d2d547de66efb875bc21ccbc (patch)
treeed04e69fbb1ab2a0a10429b8f1196d737974feb4 /src
parent55b8413d20d15f342a5c08a3077ca22028fd1a0d (diff)
downloadsssd-399518984f37bd67d2d547de66efb875bc21ccbc.tar.gz
sssd-399518984f37bd67d2d547de66efb875bc21ccbc.tar.bz2
sssd-399518984f37bd67d2d547de66efb875bc21ccbc.zip
Search for SHORTNAME$@REALM instead of fqdn$@REALM by default
The search was intended for the AD provider mostly, but keytabs coming from AD via samba don't contain fqdn$@REALM but rather uppercased SHORTNAME$@REALM https://fedorahosted.org/sssd/ticket/1740
Diffstat (limited to 'src')
-rw-r--r--src/util/sss_krb5.c38
1 files changed, 35 insertions, 3 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 1b8dc79b..bb61d109 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -26,6 +26,35 @@
#include "util/util.h"
#include "util/sss_krb5.h"
+static char *
+get_primary(TALLOC_CTX *mem_ctx, const char *pattern, const char *hostname)
+{
+ char *primary;
+ char *dot;
+ char *c;
+ char *shortname;
+
+ if (strcmp(pattern, "%S$") == 0) {
+ shortname = talloc_strdup(mem_ctx, hostname);
+ if (!shortname) return NULL;
+
+ dot = strchr(shortname, '.');
+ if (dot) {
+ *dot = '\0';
+ }
+
+ for (c=shortname; *c != '\0'; ++c) {
+ *c = toupper(*c);
+ }
+
+ primary = talloc_asprintf(mem_ctx, "%s$", shortname);
+ talloc_free(shortname);
+ return primary;
+ }
+
+ return talloc_asprintf(mem_ctx, pattern, hostname);
+}
+
errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
const char *hostname,
const char *desired_realm,
@@ -48,16 +77,19 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
int realm_len;
/**
+ * The %s conversion is passed as-is, the %S conversion is translated to
+ * "short host name"
+ *
* Priority of lookup:
* - our.hostname@REALM or host/our.hostname@REALM depending on the input
- * - our.hostname$@REALM (AD domain)
+ * - SHORT.HOSTNAME$@REALM (AD domain)
* - host/our.hostname@REALM
* - foobar$@REALM (AD domain)
* - host/foobar@REALM
* - host/foo@BAR
* - pick the first principal in the keytab
*/
- const char *primary_patterns[] = {"%s", "%s$", "host/%s", "*$", "host/*",
+ const char *primary_patterns[] = {"%s", "%S$", "host/%s", "*$", "host/*",
"host/*", NULL};
const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s",
NULL, NULL};
@@ -99,7 +131,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
do {
if (primary_patterns[i]) {
- primary = talloc_asprintf(tmp_ctx, primary_patterns[i], hostname);
+ primary = get_primary(tmp_ctx, primary_patterns[i], hostname);
if (primary == NULL) {
ret = ENOMEM;
goto done;