author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-05 21:16:05 +0100 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-07 15:45:07 +0100 |
commit | 399518984f37bd67d2d547de66efb875bc21ccbc (patch) | |
tree | ed04e69fbb1ab2a0a10429b8f1196d737974feb4 /src | |
parent | 55b8413d20d15f342a5c08a3077ca22028fd1a0d (diff) | |
Search for SHORTNAME$@REALM instead of fqdn$@REALM by default
The search was intended mostly for the AD provider, but keytabs coming
from AD via samba do not contain fqdn$@REALM but rather the uppercased
SHORTNAME$@REALM
https://fedorahosted.org/sssd/ticket/1740
Diffstat (limited to 'src')
-rw-r--r-- | src/util/sss_krb5.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 1b8dc79b..bb61d109 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -26,6 +26,35 @@
 #include "util/util.h"
 #include "util/sss_krb5.h"
+static char *
+get_primary(TALLOC_CTX *mem_ctx, const char *pattern, const char *hostname)
+{
+ char *primary;
+ char *dot;
+ char *c;
+ char *shortname;
+
+ if (strcmp(pattern, "%S$") == 0) {
+ shortname = talloc_strdup(mem_ctx, hostname);
+ if (!shortname) return NULL;
+
+ dot = strchr(shortname, '.');
+ if (dot) {
+ *dot = '\0';
+ }
+
+ for (c=shortname; *c != '\0'; ++c) {
+ *c = toupper(*c);
+ }
+
+ primary = talloc_asprintf(mem_ctx, "%s$", shortname);
+ talloc_free(shortname);
+ return primary;
+ }
+
+ return talloc_asprintf(mem_ctx, pattern, hostname);
+}
+
 errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 const char *hostname,
 const char *desired_realm,
@@ -48,16 +77,19 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 int realm_len;
 /**
+ * The %s conversion is passed as-is, the %S conversion is translated to
+ * "short host name"
+ *
+ * Priority of lookup:
+ * - our.hostname@REALM or host/our.hostname@REALM depending on the input
- * - our.hostname$@REALM (AD domain)
+ * - SHORT.HOSTNAME$@REALM (AD domain)
 * - host/our.hostname@REALM
 * - foobar$@REALM (AD domain)
 * - host/foobar@REALM
 * - host/foo@BAR
 * - pick the first principal in the keytab
 */
- const char *primary_patterns[] = {"%s", "%s$", "host/%s", "*$", "host/*",
+ const char *primary_patterns[] = {"%s", "%S$", "host/%s", "*$", "host/*",
 "host/*", NULL};
 const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s", NULL, NULL};
@@ -99,7 +131,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 do {
 if (primary_patterns[i]) {
- primary = talloc_asprintf(tmp_ctx, primary_patterns[i], hostname);
+ primary = get_primary(tmp_ctx, primary_patterns[i], hostname);
 if (primary == NULL) {
 ret = ENOMEM;
 goto done;
|
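Review bot: `*c = toupper(*c);` in the new get_primary() passes a plain `char` to toupper(); where `char` is signed and the host name carries a byte above 0x7F the argument is negative and not EOF, which is undefined behaviour for the <ctype.h> functions, so it should read `*c = toupper((unsigned char)*c);`. The short-name handling is also keyed on the pattern being exactly `"%S$"`; any other pattern containing %S falls through to `talloc_asprintf(mem_ctx, pattern, hostname)`, and if talloc_asprintf follows printf conversions (on glibc %S is the wide-string conversion) a `char *` argument is then mismatched. primary_patterns is a fixed table, so this is not reachable today, but a comment above the fallback such as `/* only the literal "%S$" pattern is expanded above; %S is not a generic conversion here */` would keep the next edit honest. Whether `<ctype.h>` is already included by this file is not visible in the hunk.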
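Review bot: The added comment line `* - SHORT.HOSTNAME$@REALM (AD domain)` is misleading, since get_primary() cuts the host name at its first '.' and the candidate it builds contains no dot; `* - SHORTNAME$@REALM (AD domain, upper-cased short host name)` describes what is actually tried. The sentence above it, `the %S conversion is translated to "short host name"`, likewise reads as if %S were a general conversion, while only the whole pattern `"%S$"` is recognised; stating that directly, e.g. `the single pattern "%S$" expands to the upper-cased short host name followed by '$'`, avoids a later "host/%S" entry that would silently not work. select_principal_from_keytab() starts and ends outside this hunk.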