diff options
| author | Sumit Bose <sbose@redhat.com> | 2012-10-24 09:33:23 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-05 00:14:05 +0100 |
| commit | b598728537c67557f20d760e2e4127ec868a434b (patch) | |
| tree | ce078362a3cf380225bc0389636b2284c623b303 /src/providers/krb5/krb5_common.c | |
| parent | ef3053bd244cb3b104b608b338c764c6a2e34f29 (diff) | |
| download | sssd-b598728537c67557f20d760e2e4127ec868a434b.tar.gz sssd-b598728537c67557f20d760e2e4127ec868a434b.tar.xz sssd-b598728537c67557f20d760e2e4127ec868a434b.zip | |
Add new call find_or_guess_upn()
With the current approach the upn was either a pointer to a const string
in a ldb_message or a string created with the help of talloc. This new
function always makes it a talloc'ed value.
Additionally krb5_get_simple_upn() is enhanced to handle sub-domains as
well.
Diffstat (limited to 'src/providers/krb5/krb5_common.c')
| -rw-r--r-- | src/providers/krb5/krb5_common.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 45f126f7b..ee3d72525 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -858,19 +858,32 @@ errno_t krb5_install_sigterm_handler(struct tevent_context *ev, } errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, - const char *username, const char **_upn) + const char *domain_name, const char *username, + const char *user_dom, char **_upn) { - const char *realm; + const char *realm = NULL; + char *uc_dom = NULL; char *upn; - realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); - if (realm == NULL) { - DEBUG(1, ("Missing Kerberos realm.\n")); - return ENOENT; + if (user_dom != NULL && domain_name != NULL && + strcasecmp(domain_name,user_dom) != 0) { + uc_dom = get_uppercase_realm(mem_ctx, user_dom); + if (uc_dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n")); + return ENOMEM; + } + } else { + realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); + if (realm == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("Missing Kerberos realm.\n")); + return ENOENT; + } } /* NOTE: this is a hack, works only in some environments */ - upn = talloc_asprintf(mem_ctx, "%s@%s", username, realm); + upn = talloc_asprintf(mem_ctx, "%s@%s", username, + realm != NULL ? realm : uc_dom); + talloc_free(uc_dom); if (upn == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); return ENOMEM; |