[PATCH] Fix handling of preferred_realm command line option

[PATCH] Fix handling of preferred_realm command line option

[Maximilian Wilhelm]

[-- Attachment #1: Type: text/plain, Size: 374 bytes --]

(Please CC me in replies, I'm not on the list.)

Hi,

we found a problem in the gssd daemon when using the -R opton to
specify a different preferred realm than the one used on the system.
It seems the preferred_realm variable set in the gssd.c file is not
used at all when searching for keytab entries / principal.

The simple patch attached fixes this problem.

Thanks
Max

[-- Attachment #2: gssd_fix_preferred_realm.patch --]
[-- Type: text/x-diff, Size: 977 bytes --]

commit aa28b92860357f3d445836205f7851c75566da35
Author: Maximilian Wilhelm <max@rfc2324.org>
Date:   Fri May 24 14:46:41 2013 +0200

    Fix handling of preferred realm command line option.
    
      The current implementation ignores any preferred realm specified on the
      command line. Fix this behaviour and make sure the preferred realm is
      used as first realm when trying to acquire a keytab entry.
    
    Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
    Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6275dd8..9f5e634 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -857,6 +857,12 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
 	 */
 	i = 0;
 	realm = realmnames[i];
+
+	if (strcmp (realm, preferred_realm) != 0) {
+		realm = preferred_realm;
+		i = -1;
+	}
+
 	while (1) {
 		if (realm == NULL) {
 			tried_all = 1;

Re: [PATCH] Fix handling of preferred_realm command line option

[Maximilian Wilhelm]

[-- Attachment #1: Type: text/plain, Size: 541 bytes --]

Anno domini 2013 Maximilian Wilhelm scripsit:

Me again,

> (Please CC me in replies, I'm not on the list.)

> we found a problem in the gssd daemon when using the -R opton to
> specify a different preferred realm than the one used on the system.
> It seems the preferred_realm variable set in the gssd.c file is not
> used at all when searching for keytab entries / principal.

> The simple patch attached fixes this problem.

I felt the urge to update the comment, too :)

Best regards
Max
-- 
Friends are relatives you make for yourself.

[-- Attachment #2: gssd_fix_preferred_realm.patch --]
[-- Type: text/x-diff, Size: 1347 bytes --]

commit 722bd62d1e6a9d38db57e919d914a371e67d804d
Author: Maximilian Wilhelm <max@rfc2324.org>
Date:   Fri May 24 14:46:41 2013 +0200

    Fix handling of preferred realm command line option.
    
      The current implementation ignores any preferred realm specified on the
      command line. Fix this behaviour and make sure the preferred realm is
      used as first realm when trying to acquire a keytab entry.
    
    Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
    Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6275dd8..fb706a8 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -852,11 +852,18 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
 	}
 
 	/*
-	 * Try the "appropriate" realm first, and if nothing found for that
-	 * realm, try the default realm (if it hasn't already been tried).
+	 * Make sure the preferred_realm (which may have been explicitly set
+	 * on the command line, is tried first. If nothing is found go on with
+	 * the host and local default realm (if that hasn't already been tried).
 	 */
 	i = 0;
 	realm = realmnames[i];
+
+	if (strcmp (realm, preferred_realm) != 0) {
+		realm = preferred_realm;
+		i = -1;
+	}
+
 	while (1) {
 		if (realm == NULL) {
 			tried_all = 1;