diff options
author | Sumit Bose <sbose@redhat.com> | 2016-11-17 10:55:43 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-04-11 17:21:23 +0200 |
commit | 1193f20a8267e506d863b27c74870c86c085902b (patch) | |
tree | 8711d99b0f255e615492810a04352952e75406b8 | |
parent | 955574eeb3a3b937abc3df150e9bbbb79b75c889 (diff) | |
download | sssd-1193f20a8267e506d863b27c74870c86c085902b.tar.gz sssd-1193f20a8267e506d863b27c74870c86c085902b.tar.xz sssd-1193f20a8267e506d863b27c74870c86c085902b.zip |
KRB5_LOCATOR: add env variable to disable plugin
If the new environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any
value SSSD's krb5 locator plugin is disabled. The variable is needed
because there is currently no other way than removing the plugin
completely to disable it. For a use-case see e.g.
https://bugzilla.redhat.com/show_bug.cgi?id=1072939.
Resolves:
https://pagure.io/SSSD/sssd/issue/3359
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | src/krb5_plugin/sssd_krb5_locator_plugin.c | 15 | ||||
-rw-r--r-- | src/man/sssd_krb5_locator_plugin.8.xml | 5 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index aa8d387a5..7c17fcb33 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c @@ -45,6 +45,7 @@ #define BUFSIZE 512 #define PORT_STR_SIZE 7 #define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG" +#define SSSD_KRB5_LOCATOR_DISABLE "SSSD_KRB5_LOCATOR_DISABLE" #define DEBUG_KEY "[sssd_krb5_locator] " #define PLUGIN_DEBUG(body) do { \ if (ctx->debug) { \ @@ -59,6 +60,7 @@ struct sssd_ctx { char *kpasswd_addr; uint16_t kpasswd_port; bool debug; + bool disabled; }; void plugin_debug_fn(const char *format, ...) @@ -232,6 +234,14 @@ krb5_error_code sssd_krb5_locator_init(krb5_context context, PLUGIN_DEBUG(("sssd_krb5_locator_init called\n")); } + dummy = getenv(SSSD_KRB5_LOCATOR_DISABLE); + if (dummy == NULL) { + ctx->disabled = false; + } else { + ctx->disabled = true; + PLUGIN_DEBUG(("SSSD KRB5 locator plugin is disabled.\n")); + } + *private_data = ctx; return 0; @@ -273,6 +283,11 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data, if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE; ctx = (struct sssd_ctx *) private_data; + if (ctx->disabled) { + PLUGIN_DEBUG(("Plugin disabled, nothing to do.\n")); + return KRB5_PLUGIN_NO_HANDLE; + } + if (ctx->sssd_realm == NULL || strcmp(ctx->sssd_realm, realm) != 0) { free(ctx->sssd_realm); ctx->sssd_realm = strdup(realm); diff --git a/src/man/sssd_krb5_locator_plugin.8.xml b/src/man/sssd_krb5_locator_plugin.8.xml index 25a20c88f..d28546012 100644 --- a/src/man/sssd_krb5_locator_plugin.8.xml +++ b/src/man/sssd_krb5_locator_plugin.8.xml @@ -69,6 +69,11 @@ If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value debug messages will be sent to stderr. </para> + <para> + If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any + value the plugin is disabled and will just return + KRB5_PLUGIN_NO_HANDLE to the caller. + </para> </refsect1> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" /> |