Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_common.c | 27 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 3 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 27 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 5 |
4 files changed, 54 insertions, 8 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 45f126f7..ee3d7252 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -858,19 +858,32 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
 }
 
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
-                            const char *username, const char **_upn)
+                            const char *domain_name, const char *username,
+                            const char *user_dom, char **_upn)
 {
-    const char *realm;
+    const char *realm = NULL;
+    char *uc_dom = NULL;
     char *upn;
 
-    realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
-    if (realm == NULL) {
-        DEBUG(1, ("Missing Kerberos realm.\n"));
-        return ENOENT;
+    if (user_dom != NULL && domain_name != NULL &&
+        strcasecmp(domain_name,user_dom) != 0) {
+        uc_dom = get_uppercase_realm(mem_ctx, user_dom);
+        if (uc_dom == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
+            return ENOMEM;
+        }
+    } else {
+        realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
+        if (realm == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("Missing Kerberos realm.\n"));
+            return ENOENT;
+        }
     }
 
     /* NOTE: this is a hack, works only in some environments */
-    upn = talloc_asprintf(mem_ctx, "%s@%s", username, realm);
+    upn = talloc_asprintf(mem_ctx, "%s@%s", username,
+                          realm != NULL ? realm : uc_dom);
+    talloc_free(uc_dom);
     if (upn == NULL) {
         DEBUG(1, ("talloc_asprintf failed.\n"));
         return ENOMEM;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index bc63bf98..13035291 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
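Review bot: The new failure paths in krb5_get_simple_upn log at SSSDBG_OP_FAILURE while the surviving `DEBUG(1, ("talloc_asprintf failed.\n"));` a few lines below still uses the raw level 1, so the function now mixes both conventions; `DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));` would keep it uniform. The branch selection also deserves a comment, because the uppercased `user_dom` is only a guess at the realm of a user from another domain and the existing `/* NOTE: this is a hack ... */` line no longer explains that on its own; something like `/* A user from a domain other than domain_name gets that domain's uppercased name as realm; otherwise the configured KRB5_REALM is used. */` above the `if` would do, and the same semantics belong on the prototype in krb5_common.h, which carries no comment. `strcasecmp(domain_name,user_dom)` is missing the space after the comma. krb5_get_simple_upn's body continues outside the hunk.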
@@ -175,7 +175,8 @@ errno_t write_krb5info_file(const char *realm, const char *kdc,
 errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
 
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
-                            const char *username, const char **_upn);
+                            const char *domain_name, const char *username,
+                            const char *user_dom, char **_upn);
 
 errno_t compare_principal_realm(const char *upn, const char *realm,
                                 bool *different_realm);
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7a68b0f4..98376169 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -30,6 +30,33 @@
 #include "src/util/find_uid.h"
 #include "util/util.h"
 
+errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+                          struct krb5_ctx *krb5_ctx,
+                          const char *domain_name, const char *user,
+                          const char *user_dom, char **_upn)
+{
+    const char *upn;
+    int ret;
+
+    upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
+    if (upn == NULL) {
+        ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, domain_name, user,
+                                  user_dom, _upn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("krb5_get_simple_upn failed.\n"));
+            return ret;
+        }
+    } else {
+        *_upn = talloc_strdup(mem_ctx, upn);
+        if (*_upn == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+            return ENOMEM;
+        }
+    }
+
+    return EOK;
+}
+
 char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
                              const char *template, bool file_mode,
                              bool case_sensitive, bool *private_path)
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 43fe77bd..28485458 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
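Review bot: In find_or_guess_upn, `ret` is declared `int` although it holds the errno_t result of krb5_get_simple_upn and is returned from an errno_t function; `errno_t ret;` matches the declared return type. Callers also cannot tell from the interface whether they received the UPN stored in SYSDB_UPN or one guessed from user and realm, and krb5_get_simple_upn's own source marks that guess as a hack that works only in some environments, so the prototype added in krb5_utils.h should say so: `/* Return the user's UPN from the SYSDB_UPN attribute of msg, or, when it is unset, a guessed "user@REALM" built by krb5_get_simple_upn; the guess is a heuristic, not an authoritative identity. */`. Whether `msg` may be NULL here is not visible from the hunk; if ldb_msg_find_attr_as_string does not accept a NULL message, a guard would belong before the lookup.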
@@ -32,6 +32,11 @@
 #include "providers/krb5/krb5_auth.h"
 #include "providers/data_provider.h"
 
+errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+                          struct krb5_ctx *krb5_ctx,
+                          const char *domain_name, const char *user,
+                          const char *user_dom, char **_upn);
+
 /* Operations on a credential cache */
 typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
                                    uid_t uid, gid_t gid, bool private_path);