[PATCH 07/10] gssd: Lookup local hostname when srchost is '*'

Doug Nazar <nazard@xxxxxxxx> · Wed, 1 Jul 2020 14:27:58 -0400

Currently when we receive a '*' srchost, we scan our keytab for a matching
host but of course none match. We then fall back to scanning for any
service/realm match and eventually find our hostname. Let's lookup our
hostname instead and quickly find our specific match.

Signed-off-by: Doug Nazar <nazard@xxxxxxxx>
---
 utils/gssd/krb5_util.c | 52 ++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 25 deletions(-)

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 7908c10f..560e4a87 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -757,6 +757,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
 		goto out;
 	}
 
+	printerr(4, "Scanning keytab for %s/*@%s\n", service, realm);
 	while ((code = krb5_kt_next_entry(context, kt, kte, &cursor)) == 0) {
 		if ((code = krb5_unparse_name(context, kte->principal,
 					      &pname))) {
@@ -853,43 +854,44 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
 		goto out;
 
 	/* Get full local hostname */
-	if (srchost) {
+	if (srchost && strcmp(srchost, "*") != 0) {
 		strcpy(myhostname, srchost);
-	} else if (gethostname(myhostname, sizeof(myhostname)) == -1) {
-		retval = errno;
-		k5err = gssd_k5_err_msg(context, retval);
-		printerr(1, "%s while getting local hostname\n", k5err);
-		goto out;
+	        strcpy(myhostad, myhostname);
+	} else {
+		/* Borrow myhostad for gethostname(), we need it later anyways */
+		if (gethostname(myhostad, sizeof(myhostad)-1) == -1) {
+			retval = errno;
+			k5err = gssd_k5_err_msg(context, retval);
+			printerr(1, "%s while getting local hostname\n", k5err);
+			goto out;
+		}
+		retval = get_full_hostname(myhostad, myhostname, sizeof(myhostname));
+		if (retval) {
+			/* Don't use myhostname */
+			myhostname[0] = 0;
+		}
 	}
 
 	/* Compute the active directory machine name HOST$ */
-	krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name", 
+	krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
 		notsetstr, &adhostoverride);
 	if (strcmp(adhostoverride, notsetstr) != 0) {
-	        printerr (1, 
-				"AD host string overridden with \"%s\" from appdefaults\n", 
+		printerr (1,
+				"AD host string overridden with \"%s\" from appdefaults\n",
 				adhostoverride);
-	        /* No overflow: Windows cannot handle strings longer than 19 chars */
-	        strcpy(myhostad, adhostoverride);
+		/* No overflow: Windows cannot handle strings longer than 19 chars */
+		strcpy(myhostad, adhostoverride);
 	} else {
-	        strcpy(myhostad, myhostname);
-	        for (i = 0; myhostad[i] != 0; ++i) {
-	          if (myhostad[i] == '.') break;
-	        }
-	        myhostad[i] = '$';
-	        myhostad[i+1] = 0;
+		/* In this case, it's been pre-filled above */
+		for (i = 0; myhostad[i] != 0; ++i) {
+			if (myhostad[i] == '.') break;
+		}
+		myhostad[i] = '$';
+		myhostad[i+1] = 0;
 	}
 	if (adhostoverride)
 		krb5_free_string(context, adhostoverride);
 
-	if (!srchost) {
-		retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
-		if (retval) {
-			/* Don't use myhostname */
-			myhostname[0] = 0;
-		}
-	}
-
 	code = krb5_get_default_realm(context, &default_realm);
 	if (code) {
 		retval = code;
-- 
2.26.2







