SUSE:SLE-12-SP3:Update
nfs-utils
File 0204-Don-t-assume-the-machine-account-will-be-in-upp.patch of Package nfs-utils
From 6597e3910b39a052dc98a32d43fe0900ec81643e Mon Sep 17 00:00:00 2001 From: Scott Mayhew <smayhew@redhat.com> Date: Mon, 2 Nov 2015 08:24:03 -0500 Subject: [PATCH] gssd: Don't assume the machine account will be in uppercase find_keytab_entry() first looks for an entry of the form <HOSTNAME>$@<DOMAIN>, which corresponds to the Active Directory machine account. It assumes that <HOSTNAME> will be in uppercase because that's how the entry is created if the machine is joined to the domain using Samba. But that's not necessarily the case if the another identity management solution is used... for example a keytab entry for a machine account created by Centrify will match the actual computer account in Active Directory, whether that be in upper case, lower case, or mixed case. So first look for an entry that matches the unmodified hostname and then convert it to uppercase and try again only if that failed. Signed-off-by: Scott Mayhew <smayhew@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com> --- utils/gssd/krb5_util.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -799,7 +799,7 @@ find_keytab_entry(krb5_context context, char *default_realm = NULL; char *realm; char *k5err = NULL; - int tried_all = 0, tried_default = 0; + int tried_all = 0, tried_default = 0, tried_upper = 0; krb5_principal princ; @@ -821,7 +821,6 @@ find_keytab_entry(krb5_context context, strcpy(myhostad, myhostname); for (i = 0; myhostad[i] != 0; ++i) { if (myhostad[i] == '.') break; - myhostad[i] = toupper(myhostad[i]); } myhostad[i] = '$'; myhostad[i+1] = 0; 
@@ -921,6 +920,19 @@ find_keytab_entry(krb5_context context, k5err = gssd_k5_err_msg(context, code); printerr(3, "%s while getting keytab entry for '%s'\n", k5err, spn); + /* + * We tried the active directory machine account + * with the hostname part as-is and failed... + * convert it to uppercase and try again before + * moving on to the svcname + */ + if (strcmp(svcnames[j],"$") == 0 && !tried_upper) { + for (i = 0; myhostad[i] != '$'; ++i) { + myhostad[i] = toupper(myhostad[i]); + } + j--; + tried_upper = 1; + } } else { printerr(3, "Success getting keytab entry for '%s'\n",spn); retval = 0;
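Review bot: in the hunk at -821,7, dropping the toupper() line leaves a braced loop body whose only statement is the `if (myhostad[i] == '.') break;` test, so the loop now does nothing but locate the first '.' or the terminating NUL. Fold that test into the loop condition (or use strchr()) so the intent is clear, and add a short comment here saying that the case conversion is now deferred to the retry path further down, since a reader of this spot alone no longer sees that the name is ever uppercased.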
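Review bot: in the retry block added after the printerr() call in the hunk at -921,6, myhostad is uppercased in place and tried_upper is never cleared, so the as-is spelling is gone for the remainder of find_keytab_entry(). If the enclosing code reaches the "$" service name again on a later pass (the tried_all and tried_default flags suggest there is more than one), that pass tries only the uppercase form and skips the retry; keeping the original name in a second buffer, or restoring it and resetting tried_upper per pass, avoids that. Two smaller points in the same block: `toupper(myhostad[i])` is called on a plain char and should be passed `(unsigned char)myhostad[i]` so bytes above 0x7f are not undefined behaviour, and the `j--` silently depends on the enclosing loop incrementing j again, which deserves a one-line comment. The level-3 message logged just above also reads the same for the first failure and the retry, so a failure log cannot show which spelling was attempted unless the retry is logged separately.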