Currently when we receive a '*' srchost, we scan our keytab for a matching host but of course none match. We then fall back to scanning for any service/realm match and eventually find our hostname. Let's lookup our hostname instead and quickly find our specific match.
Signed-off-by: Doug Nazar <nazard@xxxxxxxx>
---
 utils/gssd/krb5_util.c | 52 ++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 25 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 7908c10f..560e4a87 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -757,6 +757,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
 goto out;
 }
+ printerr(4, "Scanning keytab for %s/*@%s\n", service, realm);
 while ((code = krb5_kt_next_entry(context, kt, kte, &cursor)) == 0) {
 if ((code = krb5_unparse_name(context, kte->principal, &pname))) {
@@ -853,43 +854,44 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
 goto out;
 /* Get full local hostname */
- if (srchost) {
+ if (srchost && strcmp(srchost, "*") != 0) {
 strcpy(myhostname, srchost);
- } else if (gethostname(myhostname, sizeof(myhostname)) == -1) {
- retval = errno;
- k5err = gssd_k5_err_msg(context, retval);
- printerr(1, "%s while getting local hostname\n", k5err);
- goto out;
+ strcpy(myhostad, myhostname);
+ } else {
+ /* Borrow myhostad for gethostname(), we need it later anyways */
+ if (gethostname(myhostad, sizeof(myhostad)-1) == -1) {
+ retval = errno;
+ k5err = gssd_k5_err_msg(context, retval);
+ printerr(1, "%s while getting local hostname\n", k5err);
+ goto out;
+ }
+ retval = get_full_hostname(myhostad, myhostname, sizeof(myhostname));
+ if (retval) {
+ /* Don't use myhostname */
+ myhostname[0] = 0;
+ }
 }
 /* Compute the active directory machine name HOST$ */
- krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
 notsetstr, &adhostoverride);
 if (strcmp(adhostoverride, notsetstr) != 0) {
- printerr (1,
- "AD host string overridden with \"%s\" from appdefaults\n",
+ printerr (1,
+ "AD host string overridden with \"%s\" from appdefaults\n",
 adhostoverride);
- /* No overflow: Windows cannot handle strings longer than 19 chars */
- strcpy(myhostad, adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
 } else {
- strcpy(myhostad, myhostname);
- for (i = 0; myhostad[i] != 0; ++i) {
- if (myhostad[i] == '.') break;
- }
- myhostad[i] = '$';
- myhostad[i+1] = 0;
+ /* In this case, it's been pre-filled above */
+ for (i = 0; myhostad[i] != 0; ++i) {
+ if (myhostad[i] == '.') break;
+ }
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
 }
 if (adhostoverride) krb5_free_string(context, adhostoverride);
- if (!srchost) {
- retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
- if (retval) {
- /* Don't use myhostname */
- myhostname[0] = 0;
- }
- }
-
 code = krb5_get_default_realm(context, &default_realm);
 if (code) {
 retval = code;
-- 
2.26.2
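Review bot: The `strcpy(myhostname, srchost);` kept at the top of this hunk still copies srchost with no length check, and the added `strcpy(myhostad, myhostname);` carries whatever landed there into a second buffer. Both destinations are fixed-size arrays (the hunk takes `sizeof` of each), but their declarations and the origin of srchost lie outside the hunk, so whether an over-long value can reach this point should be confirmed against the callers of find_keytab_entry. A guard ahead of the copy would make the bound local, for example `if (strlen(srchost) >= sizeof(myhostname)) { retval = ENAMETOOLONG; goto out; }`. The re-indented `strcpy(myhostad, adhostoverride);` likewise rests on the "19 chars" comment rather than a check of the appdefaults value. `gethostname(myhostad, sizeof(myhostad)-1)` leaves the string terminated on truncation only if the last byte is already zero, which the hunk does not show.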