diff options
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 15 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 9 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 2 |
5 files changed, 28 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 12c0bb678..b68c72b49 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -175,7 +175,8 @@ struct dp_option ipa_def_krb5_opts[] = { { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER }, { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING } + { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE } }; int ipa_get_options(TALLOC_CTX *memctx, diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 575911504..20074b45b 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -40,7 +40,7 @@ struct ipa_service { /* the following define is used to keep track of the options in the krb5 * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_KRB5_OPTS_TEST 14 +#define IPA_KRB5_OPTS_TEST 15 enum ipa_basic_opt { IPA_DOMAIN = 0, diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ec2251e43..fe8721094 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -586,6 +586,18 @@ done: } +static void krb5_set_canonicalize(krb5_get_init_creds_opt *opts) +{ + int canonicalize = 0; + char *tmp_str; + + tmp_str = getenv(SSSD_KRB5_CANONICALIZE); + if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) { + canonicalize = 1; + } + sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize); +} + static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx, krb5_principal princ, krb5_keytab keytab, @@ -601,6 +613,7 @@ static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx, krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); + krb5_set_canonicalize(&options); kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, &options); @@ -1444,6 +1457,8 @@ static int krb5_child_setup(struct krb5_req *kr, uint32_t offline) } if (!offline) { + krb5_set_canonicalize(kr->options); + use_fast_str = getenv(SSSD_KRB5_USE_FAST); if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) { DEBUG(9, ("Not using FAST.\n")); diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 4e792861b..4675e0a1f 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -45,7 +45,8 @@ struct dp_option default_krb5_opts[] = { { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER }, { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING } + { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE } }; errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, @@ -169,6 +170,12 @@ errno_t check_and_export_options(struct dp_option *opts, } } + if (dp_opt_get_bool(opts, KRB5_CANONICALIZE)) { + setenv(SSSD_KRB5_CANONICALIZE, "true", 1); + } else { + setenv(SSSD_KRB5_CANONICALIZE, "false", 1); + } + dummy = dp_opt_get_cstring(opts, KRB5_KDC); if (dummy == NULL) { DEBUG(1, ("No KDC explicitly configured, using defaults.\n")); diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 670fd1a51..950505f12 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -39,6 +39,7 @@ #define SSSD_KRB5_LIFETIME "SSSD_KRB5_LIFETIME" #define SSSD_KRB5_USE_FAST "SSSD_KRB5_USE_FAST" #define SSSD_KRB5_FAST_PRINCIPAL "SSSD_KRB5_FAST_PRINCIPAL" +#define SSSD_KRB5_CANONICALIZE "SSSD_KRB5_CANONICALIZE" #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s" #define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s" @@ -61,6 +62,7 @@ enum krb5_opts { KRB5_RENEW_INTERVAL, KRB5_USE_FAST, KRB5_FAST_PRINCIPAL, + KRB5_CANONICALIZE, KRB5_OPTS }; |