author | Jeff Layton <jlayton@samba.org> | 2011-12-03 05:57:14 -0500 |
---|---|---|
committer | Jeff Layton <jlayton@samba.org> | 2011-12-03 05:57:14 -0500 |
commit | ca4acee17ffc11f2771bc6a32ac0c425d53859ea (patch) | |
tree | 03002c67de75fb2f65c84c364a4f63a89958f81e /cifs.upcall.c | |
parent | ac7606d6cb7a661c4adcf29a889c99b2db46afe2 (diff) | |
cifs.upcall: move to Andrew's suggested algorithm for picking a principal
Andrew Bartlett suggests the heuristic supplied in the comments.
For now, we don't try to guess the domainname when the hostname is not
qualified, but add a comment with what needs to be done in order to
support that.
Also, with this change we no longer need util.o to be linked in.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Diffstat (limited to 'cifs.upcall.c')
-rw-r--r-- | cifs.upcall.c | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/cifs.upcall.c b/cifs.upcall.c index 2fe2dba..16dec81 100644 --- a/cifs.upcall.c +++ b/cifs.upcall.c @@ -47,7 +47,6 @@ #include <arpa/inet.h> #include <ctype.h> -#include "util.h" #include "replace.h" #include "data_blob.h" #include "spnego.h" @@ -895,28 +894,45 @@ int main(const int argc, char *const argv[]) switch (arg.sec) { case MS_KRB5: case KRB5: -retry_new_hostname: + /* + * Andrew Bartlett's suggested scheme for picking a principal + * name, based on a supplied hostname. + * + * INPUT: fooo + * TRY in order: + * cifs/fooo@REALM + * cifs/fooo.<guessed domain ?>@REALM + * + * INPUT: bar.example.com + * TRY only: + * cifs/bar.example.com@REALM + */ if (arg.sec == MS_KRB5) oid = OID_KERBEROS5_OLD; else oid = OID_KERBEROS5; - /* - * try getting a cifs/ principal first and then fall back to - * getting a host/ principal if that doesn't work. - */ +retry_new_hostname: lowercase_string(host); - strlcpy(princ, "cifs/", sizeof(princ)); - strlcpy(princ + 5, host, sizeof(princ) - 5); - rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, ccname); - if (!rc) - break; + /* try "cifs/hostname" first */ + rc = snprintf(princ, sizeof(princ), "cifs/%s", host); + if (rc < 0 || (size_t)rc >= sizeof(princ)) { + syslog(LOG_ERR,"Unable to set hostname %s in buffer.", host); + goto out; + } - memcpy(princ, "host/", 5); rc = handle_krb5_mech(oid, princ, &secblob, &sess_key, ccname); if (!rc) break; + /* + * FIXME: try to guess the DNS domain name for non-FQDN's. + * + * Use getaddrinfo() to resolve the hostname of the server and + * set ai_canonname. Then use the domainname in ai_canonname + * to turn the unqualified hostname into a FQDN. + */ + if (!try_dns || !(have & DKD_HAVE_IP)) break; |
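Review bot: On the new truncation path in the second hunk, `rc` still holds snprintf()'s return value when control reaches `goto out`, so whatever `out` does with `rc` sees a byte count (or a negative value) rather than a status the program chose. Assigning a fixed failure value first, for example `rc = 1;` on the line before `goto out;`, would make the failure explicit. The `out` label and the rest of main() lie outside this hunk, so the exact convention should be confirmed there. Separately, the FIXME could record that a domain taken from `ai_canonname` is unauthenticated DNS data that would then decide which service principal a ticket is requested for, so the guess probably belongs behind the same opt-in as the `try_dns` retry below it; a line such as `* NOTE: ai_canonname comes from unauthenticated DNS; only use it when try_dns is set.` would capture that.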