From ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 24 Aug 2009 15:17:37 +0200
Subject: some UPN handling fixes

- making the realm part upper case is now optional and done in the
  LDAP backend
- using a username@realm UPN is now optional
---
 server/providers/krb5/krb5_auth.c | 34 +++++++++++-----------------------
 1 file changed, 11 insertions(+), 23 deletions(-)

(limited to 'server/providers/krb5/krb5_auth.c')

diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 45bbe4cbc..39bc17066 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -31,7 +31,6 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <pwd.h>
-#include <ctype.h>
 
 #include <security/pam_modules.h>
 
@@ -41,25 +40,6 @@
 #include "krb5_plugin/sssd_krb5_locator_plugin.h"
 #include "providers/krb5/krb5_auth.h"
 
-#define REALM_SEPARATOR '@'
-
-static void make_realm_upper_case(const char *upn)
-{
-    char *c;
-
-    c = strchr(upn, REALM_SEPARATOR);
-    if (c == NULL) {
-        DEBUG(9, ("No realm delimiter found in upn [%s].\n", upn));
-        return;
-    }
-
-    while(*(++c) != '\0') {
-        c[0] = toupper(*c);
-    }
-
-    return;
-}
-
 static void fd_nonblocking(int fd) {
     int flags;
 
@@ -452,11 +432,15 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res)
 
     case 1:
         upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
-        if (upn == NULL) {
+        if (upn == NULL && krb5_ctx->try_simple_upn) {
             /* NOTE: this is a hack, works only in some environments */
             if (krb5_ctx->realm != NULL) {
                 upn = talloc_asprintf(be_req, "%s@%s", pd->user,
                                       krb5_ctx->realm);
+                if (upn == NULL) {
+                    DEBUG(1, ("failed to build simple upn.\n"));
+                }
+                DEBUG(9, ("Using simple UPN [%s].\n", upn));
             }
         }
         break;
@@ -472,8 +456,6 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res)
         goto failed;
     }
 
-    make_realm_upper_case(upn);
-
     ret = krb5_setup(be_req, upn, &kr);
     if (ret != EOK) {
         DEBUG(1, ("krb5_setup failed.\n"));
@@ -612,6 +594,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, struct bet_ops **ops,
 {
     struct krb5_ctx *ctx = NULL;
     char *value = NULL;
+    bool bool_value;
     int ret;
     struct tevent_signal *sige;
 
@@ -651,6 +634,11 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, struct bet_ops **ops,
     }
     ctx->realm = value;
 
+    ret = confdb_get_bool(bectx->cdb, ctx, bectx->conf_path,
+                          "krb5try_simple_upn", false, &bool_value);
+    if (ret != EOK) goto fail;
+    ctx->try_simple_upn = bool_value;
+
 /* TODO: set options */
 
     sige = tevent_add_signal(bectx->ev, ctx, SIGCHLD, SA_SIGINFO,
-- 
cgit