5 files changed, 78 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index 4c3dc35d2..64c017ea0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,9 @@ ldblibdir = @ldblibdir@
 if BUILD_KRB5_LOCATOR_PLUGIN
 krb5plugindir = @krb5pluginpath@
 endif
+if BUILD_KRB5_LOCALAUTH_PLUGIN
+krb5localauth_plugindir = @appmodpath@
+endif
 if BUILD_PAC_RESPONDER
 krb5authdata_plugindir = @krb5authdatapluginpath@
 endif
@@ -250,6 +253,11 @@ krb5plugin_LTLIBRARIES = \
     sssd_krb5_locator_plugin.la
 endif
 
+if BUILD_KRB5_LOCALAUTH_PLUGIN
+krb5localauth_plugin_LTLIBRARIES = \
+    sssd_krb5_localauth_plugin.la
+endif
+
 if BUILD_PAC_RESPONDER
 krb5authdata_plugin_LTLIBRARIES = \
     sssd_pac_plugin.la
@@ -2475,6 +2483,17 @@ sssd_krb5_locator_plugin_la_LDFLAGS = \
     -module
 endif
 
+if BUILD_KRB5_LOCALAUTH_PLUGIN
+sssd_krb5_localauth_plugin_la_SOURCES = \
+    src/krb5_plugin/sssd_krb5_localauth_plugin.c
+sssd_krb5_localauth_plugin_la_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(KRB5_CFLAGS)
+sssd_krb5_localauth_plugin_la_LDFLAGS = \
+    -avoid-version \
+    -module
+endif
+
 sssd_pac_plugin_la_SOURCES = \
     src/sss_client/sssd_pac.c \
     src/sss_client/common.c \
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 770a0c7d6..a566a5550 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -5,6 +5,7 @@
 
 %global is_rhel5 %(%{__grep} -c "release 5" /etc/redhat-release)
 %global rhel5_minor %(%{__grep} -o "5.[0-9]*" /etc/redhat-release |%{__sed} -s 's/5.//')
+%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
 
 %if 0%{?is_rhel5} > 0
 # we don't want to provide private python extension libs
@@ -48,6 +49,10 @@
     %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin
 %endif
 
+%if (0%{?fedora} >= 21 || (0%{?rhel} == 7 &&  0%{?rhel7_minor} >= 1))
+    %global with_krb5_localauth_plugin 1
+%endif
+
 Name: @PACKAGE_NAME@
 Version: @PACKAGE_VERSION@
 Release: 0@PRERELEASE_VERSION@%{?dist}
@@ -113,7 +118,11 @@ BuildRequires: pcre-devel
 BuildRequires: libxslt
 BuildRequires: libxml2
 BuildRequires: docbook-style-xsl
+%if (0%{?with_krb5_localauth_plugin} == 1)
+BuildRequires: krb5-devel >= 1.12
+%else
 BuildRequires: krb5-devel
+%endif
 BuildRequires: c-ares-devel
 BuildRequires: python-devel
 BuildRequires: check-devel
@@ -746,6 +755,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/cifs-utils/cifs_idmap_sss.so
 %ghost %{_sysconfdir}/cifs-utils/idmap-plugin
 %endif
+%if (0%{?with_krb5_localauth_plugin} == 1)
+%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
+%endif
 %{_mandir}/man8/pam_sss.8*
 %{_mandir}/man8/sssd_krb5_locator_plugin.8*
 
diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
index 861c8c9fd..90b4a2583 100644
--- a/src/external/krb5.m4
+++ b/src/external/krb5.m4
@@ -96,5 +96,20 @@ AM_CONDITIONAL([BUILD_KRB5_LOCATOR_PLUGIN],
 AM_COND_IF([BUILD_KRB5_LOCATOR_PLUGIN],
            [AC_DEFINE_UNQUOTED(HAVE_KRB5_LOCATOR_PLUGIN, 1, [Build with krb5 locator plugin])])
 
+AC_CHECK_HEADER([krb5/localauth_plugin.h],
+                [have_localauth_plugin=yes],
+                [have_localauth_plugin=no]
+                [AC_MSG_NOTICE([Kerberos localauth plugin cannot be built])],
+                [ #ifdef HAVE_KRB5_KRB5_H
+                  #include <krb5/krb5.h>
+                  #else
+                  #include <krb5.h>
+                  #endif
+                ])
+AM_CONDITIONAL([BUILD_KRB5_LOCALAUTH_PLUGIN],
+               [test x$have_localauth_plugin = xyes])
+AM_COND_IF([BUILD_KRB5_LOCALAUTH_PLUGIN],
+           [AC_DEFINE_UNQUOTED(HAVE_KRB5_LOCALAUTH_PLUGIN, 1, [Build with krb5 localauth plugin])])
+
 CFLAGS=$SAVE_CFLAGS
 LIBS=$SAVE_LIBS
diff --git a/src/krb5_plugin/sssd_krb5_localauth_plugin.c b/src/krb5_plugin/sssd_krb5_localauth_plugin.c
new file mode 100644
index 000000000..93fbbc295
--- /dev/null
+++ b/src/krb5_plugin/sssd_krb5_localauth_plugin.c
@@ -0,0 +1,28 @@
+/*
+    Authors:
+        Sumit Bose <sbose@redhat.com>
+
+    Copyright (C) 2014 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <krb5/localauth_plugin.h>
+
+krb5_error_code
+localauth_sssd_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    return KRB5_PLUGIN_VER_NOTSUPP;
+}
diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c
index 52d9c02e1..5eb1ed685 100644
--- a/src/tests/dlopen-tests.c
+++ b/src/tests/dlopen-tests.c
@@ -57,6 +57,10 @@ struct so {
     { "sssd_krb5_locator_plugin.so", { LIBPFX"sssd_krb5_locator_plugin.so",
                                        NULL } },
 #endif
+#ifdef HAVE_KRB5_LOCALAUTH_PLUGIN
+    { "sssd_krb5_localauth_plugin.so", { LIBPFX"sssd_krb5_localauth_plugin.so",
+                                       NULL } },
+#endif
 #ifdef HAVE_PAC_RESPONDER
     { "sssd_pac_plugin.so", { LIBPFX"sssd_pac_plugin.so", NULL } },
 #endif