diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c |
|
index 5fde091..990111d 100644 |
|
--- a/utils/gssd/krb5_util.c |
|
+++ b/utils/gssd/krb5_util.c |
|
@@ -801,8 +801,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, |
|
char *default_realm = NULL; |
|
char *realm; |
|
char *k5err = NULL; |
|
- int tried_all = 0, tried_default = 0; |
|
+ int tried_all = 0, tried_default = 0, tried_upper = 0; |
|
krb5_principal princ; |
|
+ const char *notsetstr = "not set"; |
|
+ char *adhostoverride; |
|
|
|
|
|
/* Get full target hostname */ |
|
@@ -820,13 +822,23 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, |
|
} |
|
|
|
/* Compute the active directory machine name HOST$ */ |
|
- strcpy(myhostad, myhostname); |
|
- for (i = 0; myhostad[i] != 0; ++i) { |
|
- if (myhostad[i] == '.') break; |
|
- myhostad[i] = toupper(myhostad[i]); |
|
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name", |
|
+ notsetstr, &adhostoverride); |
|
+ if (strcmp(adhostoverride, notsetstr) != 0) { |
|
+ printerr (1, |
|
+ "AD host string overridden with \"%s\" from appdefaults\n", |
|
+ adhostoverride); |
|
+ /* No overflow: Windows cannot handle strings longer than 19 chars */ |
|
+ strcpy(myhostad, adhostoverride); |
|
+ free(adhostoverride); |
|
+ } else { |
|
+ strcpy(myhostad, myhostname); |
|
+ for (i = 0; myhostad[i] != 0; ++i) { |
|
+ if (myhostad[i] == '.') break; |
|
+ } |
|
+ myhostad[i] = '$'; |
|
+ myhostad[i+1] = 0; |
|
} |
|
- myhostad[i] = '$'; |
|
- myhostad[i+1] = 0; |
|
|
|
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname)); |
|
if (retval) { |
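Review bot: The `strcpy(myhostad, adhostoverride)` in the override branch copies a value read from the krb5.conf appdefaults with no length check. The "Windows cannot handle strings longer than 19 chars" comment describes what AD accepts, not what the config file can contain, so a longer `ad_principal_name` would write past `myhostad`. The declaration of `myhostad` is outside this hunk; assuming it is an array like `myhostname`, guard the copy with `if (strlen(adhostoverride) >= sizeof(myhostad))`, log the rejection, and fall back to the computed name. `adhostoverride` is freed only in the override branch, and krb5_appdefault_string appears to hand back an allocated copy of the default as well, so `free(adhostoverride);` should move after the if/else; a NULL check before the `strcmp` would also be prudent.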
|
@@ -923,6 +935,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, |
|
k5err = gssd_k5_err_msg(context, code); |
|
printerr(3, "%s while getting keytab entry for '%s'\n", |
|
k5err, spn); |
|
+ /* |
|
+ * We tried the active directory machine account |
|
+ * with the hostname part as-is and failed... |
|
+ * convert it to uppercase and try again before |
|
+ * moving on to the svcname |
|
+ */ |
|
+ if (strcmp(svcnames[j],"$") == 0 && !tried_upper) { |
|
+ for (i = 0; myhostad[i] != '$'; ++i) { |
|
+ myhostad[i] = toupper(myhostad[i]); |
|
+ } |
|
+ j--; |
|
+ tried_upper = 1; |
|
+ } |
|
} else { |
|
printerr(3, "Success getting keytab entry for '%s'\n",spn); |
|
retval = 0;
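Review bot: The retry loop `for (i = 0; myhostad[i] != '$'; ++i)` stops only at a `'$'`, but the override branch in the previous hunk copies `ad_principal_name` verbatim and never appends one. An override value without `'$'` makes this loop read and rewrite bytes past the terminator of `myhostad`. Bound it on the terminator as well, `for (i = 0; myhostad[i] != '$' && myhostad[i] != 0; ++i)`, and pass `toupper((unsigned char)myhostad[i])` so a byte with the high bit set is not passed as a negative value. The enclosing loop over `svcnames[j]` starts and ends outside this hunk, so the effect of `j--` on the iteration cannot be confirmed from here.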
|
|
|