author | Jurjen Bokma <j.bokma@rug.nl> | 2014-08-18 12:46:37 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2014-08-18 12:47:33 -0400 |
commit | f7b42b9e32102c153b3effb875d7a98ad795502f (patch) | |
tree | 9824a3cfb8ab84d75c0cda22ff6bd6113485410d | |
parent | b2b7d7f75a2df81704fdd67e7723a3172b4da5a2 (diff) | |
gssd: select non-conventional principal
This enables kerberized NFS mounts to succeed even if the
principal is not <HOSTNAME>$.
It works by reading another principal name from the [appdefaults]
section of krb5.conf:
[appdefaults]
nfs = {
ad_principal_name = 129.125.39.115$
}
Signed-off-by: Jurjen Bokma <j.bokma@rug.nl>
Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r-- | utils/gssd/krb5_util.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 4b57141..8369fdf 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -801,6 +801,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
 char *k5err = NULL;
 int tried_all = 0, tried_default = 0;
 krb5_principal princ;
+ const char *notsetstr = "not set";
+ char *adhostoverride;
 /* Get full target hostname */
@@ -818,13 +820,24 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
 }
 /* Compute the active directory machine name HOST$ */
- strcpy(myhostad, myhostname);
- for (i = 0; myhostad[i] != 0; ++i) {
- if (myhostad[i] == '.') break;
- myhostad[i] = toupper(myhostad[i]);
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
+ notsetstr, &adhostoverride);
+ if (strcmp(adhostoverride, notsetstr) != 0) {
+ printerr (1,
+ "AD host string overridden with \"%s\" from appdefaults\n",
+ adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
+ free(adhostoverride);
+ } else {
+ strcpy(myhostad, myhostname);
+ for (i = 0; myhostad[i] != 0; ++i) {
+ if (myhostad[i] == '.') break;
+ myhostad[i] = toupper(myhostad[i]);
+ }
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
 }
- myhostad[i] = '$';
- myhostad[i+1] = 0;
 retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
 if (retval) { |
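Review bot: The `strcpy(myhostad, adhostoverride)` in the override branch of the second hunk copies a krb5.conf value of arbitrary length into a fixed buffer, and the comment about a 19-character Windows limit describes what the peer accepts, not a check this code performs; the copy should be bounded by the destination size. Two further gaps sit in the same hunk: `adhostoverride` is freed only in the override branch, so the copy of the default string that krb5_appdefault_string hands back leaks on the common path, and the pointer goes to strcmp() without a NULL check although, as far as I know, the MIT implementation strdup()s the default and can therefore return NULL on allocation failure. The fence below folds the length and NULL tests into the condition and moves the free after the if/else; it assumes `myhostad` is an array like `myhostname` (its declaration is outside the hunk), and an over-long value then falls back to the derived HOST$ name, which probably deserves its own log line. find_keytab_entry starts and ends outside the hunk.

```c
	/* ... unchanged: krb5_appdefault_string() call ... */
	if (adhostoverride != NULL &&
	    strcmp(adhostoverride, notsetstr) != 0 &&
	    strlen(adhostoverride) < sizeof(myhostad)) {
		/* ... unchanged: printerr of the override ... */
		/* Length was checked against sizeof(myhostad) above. */
		strcpy(myhostad, adhostoverride);
	} else {
		/* ... unchanged: derive HOST$ from myhostname ... */
	}
	/* Allocated by the library whether or not the option was set. */
	free(adhostoverride);
```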