Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/os/dnssrv.c34
-rw-r--r--src/lib/krb5/os/locate_kdc.c31
-rw-r--r--src/lib/krb5/os/os-proto.h4
3 files changed, 59 insertions, 10 deletions
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index 62d6d13..ffbbc85 100644
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -46,10 +46,10 @@ krb5int_free_srv_dns_data (struct srv_dns_entry *p)
}
/* Construct a DNS label of the form "service.[protocol.]realm.". protocol may
- * be NULL. */
+ * and/or sitename be NULL. */
static char *
make_lookup_name(const krb5_data *realm, const char *service,
- const char *protocol)
+ const char *protocol, const char *sitename)
{
struct k5buf buf;
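Review bot: The updated comment above make_lookup_name reads "protocol may and/or sitename be NULL", which is garbled, and the label form it documents still omits the new site component. Suggest `/* Construct a DNS label of the form "service.[protocol.][sitename._sites.]realm.".  protocol and/or sitename may be NULL. */`. The function body continues outside this hunk.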
@@ -60,6 +60,8 @@ make_lookup_name(const krb5_data *realm, const char *service,
k5_buf_add_fmt(&buf, "%s.", service);
if (protocol != NULL)
k5_buf_add_fmt(&buf, "%s.", protocol);
+ if (sitename != NULL)
+ k5_buf_add_fmt(&buf, "%s._sites.", sitename);
k5_buf_add_len(&buf, realm->data, realm->length);
/*
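Review bot: `sitename` is formatted into the query name by `k5_buf_add_fmt(&buf, "%s._sites.", sitename);` with no check that it is a single, non-empty DNS label. Judging from the locate_kdc.c part of this commit the value is taken as-is from the profile, so an empty string or a value with a leading or trailing dot produces a name with an empty label. That query then fails and the fallback added elsewhere in this commit hides the misconfiguration. A guard before this line such as `if (sitename != NULL && (*sitename == '\0' || strchr(sitename, '.') != NULL)) sitename = NULL;`, or an equivalent rejection where the value is read, would keep the name well-formed. The rest of make_lookup_name is outside the hunk.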
@@ -119,6 +121,7 @@ k5_make_uri_query(krb5_context context, const krb5_data *realm,
krb5_error_code
krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
const char *service, const char *protocol,
+ const char *sitename,
struct srv_dns_entry **answers)
{
char *name = NULL;
@@ -128,7 +131,7 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
*answers = NULL;
- name = make_lookup_name(realm, service, protocol);
+ name = make_lookup_name(realm, service, protocol, sitename);
if (name == NULL)
return 0;
@@ -136,6 +139,12 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
st = DnsQuery_UTF8(name, DNS_TYPE_SRV, DNS_QUERY_STANDARD, NULL, &records,
NULL);
+ if (st != ERROR_SUCCESS && sitename != NULL) {
+ /* Try again without the site name. */
+ free(name);
+ return krb5int_make_srv_query_realm(context, realm, service, protocol,
+ NULL, answers);
+ }
if (st != ERROR_SUCCESS)
return 0;
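Review bot: The retry at `if (st != ERROR_SUCCESS && sitename != NULL)` fires on every failure status, so a timeout or server failure on the site-scoped name silently becomes a second, realm-wide query. If the intent is to fall back only when the site has no records, testing the not-found statuses would be tighter, e.g. `if ((st == DNS_ERROR_RCODE_NAME_ERROR || st == DNS_INFO_NO_RECORDS) && sitename != NULL) {`. Whether this branch traces the fallback is not visible in the hunk; a trace call before the recursive call would make the downgrade from site-scoped to realm-wide discovery visible when diagnosing which KDCs a client selected.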
@@ -176,7 +185,8 @@ cleanup:
/* Query the URI RR, collecting weight, priority, and target. */
krb5_error_code
k5_make_uri_query(krb5_context context, const krb5_data *realm,
- const char *service, struct srv_dns_entry **answers)
+ const char *service, const char *sitename,
+ struct srv_dns_entry **answers)
{
const unsigned char *p = NULL, *base = NULL;
char *name = NULL;
@@ -188,13 +198,18 @@ k5_make_uri_query(krb5_context context, const krb5_data *realm,
*answers = NULL;
/* Construct service.realm. */
- name = make_lookup_name(realm, service, NULL);
+ name = make_lookup_name(realm, service, NULL, sitename);
if (name == NULL)
return 0;
TRACE_DNS_URI_SEND(context, name);
size = krb5int_dns_init(&ds, name, C_IN, T_URI);
+ if (size < 0 && sitename != NULL) {
+ /* Try again without the site name. */
+ free(name);
+ return k5_make_uri_query(context, realm, service, NULL, answers);
+ }
if (size < 0)
goto out;
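Review bot: The new retry path returns directly from `if (size < 0 && sitename != NULL)` after freeing only `name`, whereas the existing `size < 0` path leaves through `goto out`. If krb5int_dns_init() can leave an allocated state object in `ds` when it fails (its body is not on this page), that object is never released on the retry path. The same pattern is added to the res-based krb5int_make_srv_query_realm in the hunk at -262. Releasing `ds` the way `out:` does before the recursive call, or recording that a retry is wanted and performing it after the `out:` cleanup has run, would avoid this. The function body continues outside the hunk.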
@@ -242,6 +257,7 @@ out:
krb5_error_code
krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
const char *service, const char *protocol,
+ const char *sitename,
struct srv_dns_entry **answers)
{
const unsigned char *p = NULL, *base = NULL;
@@ -262,13 +278,19 @@ krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
*
*/
- name = make_lookup_name(realm, service, protocol);
+ name = make_lookup_name(realm, service, protocol, sitename);
if (name == NULL)
return 0;
TRACE_DNS_SRV_SEND(context, name);
size = krb5int_dns_init(&ds, name, C_IN, T_SRV);
+ if (size < 0 && sitename) {
+ /* Try again without the site name. */
+ free(name);
+ return krb5int_make_srv_query_realm(context, realm, service, protocol,
+ NULL, answers);
+ }
if (size < 0)
goto out;
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 7d246ef..e6f6e5f 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -98,6 +98,22 @@ _krb5_use_dns_realm(krb5_context context)
DEFAULT_LOOKUP_REALM);
}
+static krb5_error_code
+get_sitename(krb5_context context, const krb5_data *realm, char **out)
+{
+ krb5_error_code ret;
+ char *realmstr;
+
+ *out = NULL;
+ realmstr = k5memdup0(realm->data, realm->length, &ret);
+ if (realmstr == NULL)
+ return ret;
+ ret = profile_get_string(context->profile, KRB5_CONF_REALMS,
+ realmstr, KRB5_CONF_SITENAME, NULL, out);
+ free(realmstr);
+ return ret;
+}
+
#endif /* KRB5_DNS_LOOKUP */
/* Free up everything pointed to by the serverlist structure, but don't
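Review bot: get_sitename() is added without a comment stating its output contract, which both callers rely on when they call `free(sitename)` unconditionally. Suggest a header comment such as `/* Set *out to the sitename configured for realm in the profile, or leave it NULL if none is found.  The caller must free *out. */`. The NULL-when-absent part is inferred from `*out = NULL` and the NULL default passed to profile_get_string(), so it is worth confirming before it is written down.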
@@ -328,9 +344,14 @@ locate_srv_dns_1(krb5_context context, const krb5_data *realm,
struct srv_dns_entry *head = NULL, *entry = NULL;
krb5_error_code code = 0;
k5_transport transport;
+ char *sitename;
+ code = get_sitename(context, realm, &sitename);
+ if (code)
+ return code;
code = krb5int_make_srv_query_realm(context, realm, service, protocol,
- &head);
+ sitename, &head);
+ free(sitename);
if (code)
return 0;
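Review bot: `if (code) return code;` after get_sitename() makes a failure to read an optional setting abort SRV location with an error, while a failure of the DNS query a few lines later is still mapped to `return 0`. If that asymmetry is intended, for example to surface an allocation failure, a short comment would help the next reader, e.g. `/* A profile error is fatal; a failed DNS query below just means no answers. */`. If it is not, continuing with a NULL sitename would keep the pre-patch behaviour. locate_uri gets the same `if (ret) return ret;` in the next hunk.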
@@ -616,11 +637,15 @@ locate_uri(krb5_context context, const krb5_data *realm,
krb5_error_code ret;
k5_transport transport, host_trans;
struct srv_dns_entry *answers, *entry;
- char *host;
+ char *host, *sitename;
const char *host_field, *path;
int port, def_port, primary;
- ret = k5_make_uri_query(context, realm, req_service, &answers);
+ ret = get_sitename(context, realm, &sitename);
+ if (ret)
+ return ret;
+ ret = k5_make_uri_query(context, realm, req_service, sitename, &answers);
+ free(sitename);
if (ret || answers == NULL)
return ret;
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index ad686a9..a21558d 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -176,13 +176,15 @@ struct srv_dns_entry {
krb5_error_code
krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
const char *service, const char *protocol,
+ const char *sitename,
struct srv_dns_entry **answers);
void krb5int_free_srv_dns_data(struct srv_dns_entry *);
krb5_error_code
k5_make_uri_query(krb5_context context, const krb5_data *realm,
- const char *service, struct srv_dns_entry **answers);
+ const char *service, const char *sitename,
+ struct srv_dns_entry **answers);
krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
const char *name, char **realm);