authorSumit Bose <sbose@redhat.com>2016-07-05 11:25:59 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-06 19:12:11 +0200
commite6b6b9fa79c67d7d2698bc7e33d2e2f6bb53d483 (patch)
tree38c612b250ea454debd1c037440b795f451a32ef /src/util/domain_info_utils.c
parentd278822ab3ab18f2c5b012cd055f01f06e687e49 (diff)
IPA/AD: globally set krb5 canonicalization flag
If Kerberos principal canonicalization is configured in SSSD (currently the default for the IPA provider), a configuration snippet is generated for the system-wide libkrb5 configuration so that all kerberized applications will use canonicalization by default. Resolves https://fedorahosted.org/sssd/ticket/3041 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util/domain_info_utils.c')
-rw-r--r--src/util/domain_info_utils.c48
1 files changed, 47 insertions, 1 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index adb3f1247..6fc15a045 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -658,7 +658,45 @@ done:
#endif
}
-errno_t sss_write_krb5_conf_snippet(const char *path)
+#define KRB5_LIBDEFAUTLS_CONFIG \
+"[libdefaults]\n" \
+" canonicalize = true\n"
+
+static errno_t sss_write_krb5_libdefaults_snippet(const char *path)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ const char *file_name;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ file_name = talloc_asprintf(tmp_ctx, "%s/krb5_libdefaults", path);
+ if (file_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_FUNC_DATA, "File for KRB5 kibdefaults configuration is [%s]\n",
+ file_name);
+
+ ret = sss_write_krb5_snippet_common(file_name, KRB5_LIBDEFAUTLS_CONFIG);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_write_krb5_snippet_common failed.\n");
+ goto done;
+ }
+
+done:
+
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+errno_t sss_write_krb5_conf_snippet(const char *path, bool canonicalize)
{
errno_t ret;
errno_t err;
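Review bot: The new macro name and the debug message in sss_write_krb5_libdefaults_snippet are both misspelled, which makes the setting hard to find by grep in the source or in the logs: `#define KRB5_LIBDEFAULTS_CONFIG \` and `"File for KRB5 libdefaults configuration is [%s]\n"` are the intended spellings, and the macro use in the `sss_write_krb5_snippet_common` call needs the same rename. The macro also deserves a comment, because according to the commit description the snippet changes libkrb5 behaviour for every kerberized application on the host, for example `/* Included by the system-wide krb5.conf: applies to all libkrb5 users, not only SSSD. */`. The body of sss_write_krb5_conf_snippet continues outside this hunk.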
@@ -680,6 +718,14 @@ errno_t sss_write_krb5_conf_snippet(const char *path)
goto done;
}
+ if (canonicalize) {
+ ret = sss_write_krb5_libdefaults_snippet(path);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_write_krb5_libdefaults_snippet failed.\n");
+ goto done;
+ }
+ }
+
ret = EOK;
done:
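Review bot: The `if (canonicalize)` block has no counterpart for `canonicalize == false`, so a `krb5_libdefaults` file written by an earlier run appears to stay in `path`, and libkrb5 would keep applying `canonicalize = true` system-wide after the option is switched off in SSSD. Unless the stale file is removed somewhere outside this hunk, the false case should delete `<path>/krb5_libdefaults` and treat `ENOENT` as success, so that the system-wide Kerberos configuration always matches the SSSD setting. If leaving the file in place is intended, say so at the branch, e.g. `/* canonicalize == false: an existing krb5_libdefaults snippet is deliberately left untouched */`. The function starts before and ends after this hunk, so the cleanup under `done:` is not visible here.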