|
|
e19a30 |
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
|
|
e19a30 |
index 5fde091..990111d 100644
|
|
|
e19a30 |
--- a/utils/gssd/krb5_util.c
|
|
|
e19a30 |
+++ b/utils/gssd/krb5_util.c
|
|
|
e19a30 |
@@ -801,8 +801,10 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
|
|
|
e19a30 |
char *default_realm = NULL;
|
|
|
e19a30 |
char *realm;
|
|
|
e19a30 |
char *k5err = NULL;
|
|
|
e19a30 |
- int tried_all = 0, tried_default = 0;
|
|
|
e19a30 |
+ int tried_all = 0, tried_default = 0, tried_upper = 0;
|
|
|
e19a30 |
krb5_principal princ;
|
|
|
e19a30 |
+ const char *notsetstr = "not set";
|
|
|
e19a30 |
+ char *adhostoverride;
|
|
|
e19a30 |
|
|
|
e19a30 |
|
|
|
e19a30 |
/* Get full target hostname */
|
|
|
e19a30 |
@@ -820,13 +822,23 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
|
|
|
e19a30 |
}
|
|
|
e19a30 |
|
|
|
e19a30 |
/* Compute the active directory machine name HOST$ */
|
|
|
e19a30 |
- strcpy(myhostad, myhostname);
|
|
|
e19a30 |
- for (i = 0; myhostad[i] != 0; ++i) {
|
|
|
e19a30 |
- if (myhostad[i] == '.') break;
|
|
|
e19a30 |
- myhostad[i] = toupper(myhostad[i]);
|
|
|
e19a30 |
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
|
|
|
e19a30 |
+ notsetstr, &adhostoverride);
|
|
|
e19a30 |
+ if (strcmp(adhostoverride, notsetstr) != 0) {
|
|
|
e19a30 |
+ printerr (1,
|
|
|
e19a30 |
+ "AD host string overridden with \"%s\" from appdefaults\n",
|
|
|
e19a30 |
+ adhostoverride);
|
|
|
e19a30 |
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
|
|
|
e19a30 |
+ strcpy(myhostad, adhostoverride);
|
|
|
e19a30 |
+ free(adhostoverride);
|
|
|
e19a30 |
+ } else {
|
|
|
e19a30 |
+ strcpy(myhostad, myhostname);
|
|
|
e19a30 |
+ for (i = 0; myhostad[i] != 0; ++i) {
|
|
|
e19a30 |
+ if (myhostad[i] == '.') break;
|
|
|
e19a30 |
+ }
|
|
|
e19a30 |
+ myhostad[i] = '$';
|
|
|
e19a30 |
+ myhostad[i+1] = 0;
|
|
|
e19a30 |
}
|
|
|
e19a30 |
- myhostad[i] = '$';
|
|
|
e19a30 |
- myhostad[i+1] = 0;
|
|
|
e19a30 |
|
|
|
e19a30 |
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
|
|
|
e19a30 |
if (retval) {
|
|
|
e19a30 |
@@ -923,6 +935,19 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
|
|
|
e19a30 |
k5err = gssd_k5_err_msg(context, code);
|
|
|
e19a30 |
printerr(3, "%s while getting keytab entry for '%s'\n",
|
|
|
e19a30 |
k5err, spn);
|
|
|
e19a30 |
+ /*
|
|
|
e19a30 |
+ * We tried the active directory machine account
|
|
|
e19a30 |
+ * with the hostname part as-is and failed...
|
|
|
e19a30 |
+ * convert it to uppercase and try again before
|
|
|
e19a30 |
+ * moving on to the svcname
|
|
|
e19a30 |
+ */
|
|
|
e19a30 |
+ if (strcmp(svcnames[j],"$") == 0 && !tried_upper) {
|
|
|
e19a30 |
+ for (i = 0; myhostad[i] != '$'; ++i) {
|
|
|
e19a30 |
+ myhostad[i] = toupper(myhostad[i]);
|
|
|
e19a30 |
+ }
|
|
|
e19a30 |
+ j--;
|
|
|
e19a30 |
+ tried_upper = 1;
|
|
|
e19a30 |
+ }
|
|
|
e19a30 |
} else {
|
|
|
e19a30 |
printerr(3, "Success getting keytab entry for '%s'\n",spn);
|
|
|
e19a30 |
retval = 0;
|