Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_common.c27
-rw-r--r--src/providers/krb5/krb5_common.h3
-rw-r--r--src/providers/krb5/krb5_utils.c27
-rw-r--r--src/providers/krb5/krb5_utils.h5
4 files changed, 54 insertions, 8 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 45f126f7..ee3d7252 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -858,19 +858,32 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
}
errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
- const char *username, const char **_upn)
+ const char *domain_name, const char *username,
+ const char *user_dom, char **_upn)
{
- const char *realm;
+ const char *realm = NULL;
+ char *uc_dom = NULL;
char *upn;
- realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
- if (realm == NULL) {
- DEBUG(1, ("Missing Kerberos realm.\n"));
- return ENOENT;
+ if (user_dom != NULL && domain_name != NULL &&
+ strcasecmp(domain_name,user_dom) != 0) {
+ uc_dom = get_uppercase_realm(mem_ctx, user_dom);
+ if (uc_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
+ return ENOMEM;
+ }
+ } else {
+ realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Missing Kerberos realm.\n"));
+ return ENOENT;
+ }
}
/* NOTE: this is a hack, works only in some environments */
- upn = talloc_asprintf(mem_ctx, "%s@%s", username, realm);
+ upn = talloc_asprintf(mem_ctx, "%s@%s", username,
+ realm != NULL ? realm : uc_dom);
+ talloc_free(uc_dom);
if (upn == NULL) {
DEBUG(1, ("talloc_asprintf failed.\n"));
return ENOMEM;
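Review bot: In the new first branch the Kerberos realm is taken straight from `user_dom`, and nothing visible in this hunk shows that `user_dom` has been matched against a configured or trusted domain before `get_uppercase_realm()` turns it into the realm. If a caller can pass a domain component that comes from the login name, the realm of the guessed principal follows that name rather than the configuration, so the precondition should be written down above the branch, for example `/* user_dom must name a known domain of this back end; it is used verbatim (uppercased) as the realm */`. The untouched `DEBUG(1, ("talloc_asprintf failed.\n"))` could also move to `SSSDBG_OP_FAILURE` to match the messages this change adds. The end of the function is outside the hunk, so how `*_upn` is assigned cannot be checked here.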
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index bc63bf98..13035291 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -175,7 +175,8 @@ errno_t write_krb5info_file(const char *realm, const char *kdc,
errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
- const char *username, const char **_upn);
+ const char *domain_name, const char *username,
+ const char *user_dom, char **_upn);
errno_t compare_principal_realm(const char *upn, const char *realm,
bool *different_realm);
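Review bot: The new prototype takes three adjacent `const char *` arguments (`domain_name`, `username`, `user_dom`) with no comment on their roles, and the compiler cannot catch a swapped pair. Because the implementation in krb5_common.c uppercases `user_dom` into the realm, passing the two domain arguments in the wrong order would silently yield a different principal. A short comment above the declaration would help, e.g. `/* domain_name and user_dom are compared case-insensitively; if they differ, user_dom is uppercased and used as the realm, otherwise KRB5_REALM is used. Either may be NULL. */`. The same applies to the `find_or_guess_upn` declaration added in krb5_utils.h.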
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7a68b0f4..98376169 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -30,6 +30,33 @@
#include "src/util/find_uid.h"
#include "util/util.h"
+errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+ struct krb5_ctx *krb5_ctx,
+ const char *domain_name, const char *user,
+ const char *user_dom, char **_upn)
+{
+ const char *upn;
+ int ret;
+
+ upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
+ if (upn == NULL) {
+ ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, domain_name, user,
+ user_dom, _upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("krb5_get_simple_upn failed.\n"));
+ return ret;
+ }
+ } else {
+ *_upn = talloc_strdup(mem_ctx, upn);
+ if (*_upn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ return ENOMEM;
+ }
+ }
+
+ return EOK;
+}
+
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
const char *template, bool file_mode,
bool case_sensitive, bool *private_path)
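Review bot: `find_or_guess_upn` gives its caller no way to tell a principal read from `SYSDB_UPN` apart from one produced by `krb5_get_simple_upn()`, which the comment in krb5_common.c itself describes as a hack that works only in some environments. Code that later makes decisions based on the realm of the principal may want to know which case it is in, so at minimum the function should carry a doc comment such as `/* Returns a copy of SYSDB_UPN from msg if set, otherwise a guessed user@REALM from krb5_get_simple_upn(); the copy is allocated on mem_ctx. */`. `msg` is passed to `ldb_msg_find_attr_as_string()` without a NULL check, so the comment should also state that `msg` must be non-NULL. As a small consistency point, `int ret;` could be `errno_t ret;` to match the return type.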
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 43fe77bd..28485458 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -32,6 +32,11 @@
#include "providers/krb5/krb5_auth.h"
#include "providers/data_provider.h"
+errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
+ struct krb5_ctx *krb5_ctx,
+ const char *domain_name, const char *user,
+ const char *user_dom, char **_upn);
+
/* Operations on a credential cache */
typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);