krb5 commit: Add configuration option for URI lookups
Greg Hudson
ghudson at mit.edu
Mon Sep 19 12:31:11 EDT 2016
https://github.com/krb5/krb5/commit/74e5336d432af45ef97b4bd0a5ca4853e38b1c7f
commit 74e5336d432af45ef97b4bd0a5ca4853e38b1c7f
Author: Matt Rogers <mrogers at redhat.com>
Date: Wed Aug 24 00:42:16 2016 -0400
Add configuration option for URI lookups
Add the boolean option 'dns_uri_lookup' to krb5.conf's libdefaults
section, to allow disabling URI lookups separately from SRV lookups.
The default value is 'true'.
ticket: 8496
src/include/k5-int.h | 1 +
src/lib/krb5/os/locate_kdc.c | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index eb73fa7..add0bc3 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -209,6 +209,7 @@ typedef unsigned char u_char;
#define KRB5_CONF_DNS_FALLBACK "dns_fallback"
#define KRB5_CONF_DNS_LOOKUP_KDC "dns_lookup_kdc"
#define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm"
+#define KRB5_CONF_DNS_URI_LOOKUP "dns_uri_lookup"
#define KRB5_CONF_DOMAIN_REALM "domain_realm"
#define KRB5_CONF_ENABLE_ONLY "enable_only"
#define KRB5_CONF_ERR_FMT "err_fmt"
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index b37dfda..5d74c83 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -45,6 +45,7 @@
#else
#define DEFAULT_LOOKUP_REALM 0
#endif
+#define DEFAULT_URI_LOOKUP TRUE
static int
maybe_use_dns (krb5_context context, const char *name, int defalt)
@@ -70,6 +71,18 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
return use_dns;
}
+static krb5_boolean
+use_dns_uri(krb5_context ctx)
+{
+ krb5_error_code ret;
+ krb5_boolean use;
+
+ ret = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_DNS_URI_LOOKUP, NULL,
+ DEFAULT_URI_LOOKUP, &use);
+ return ret ? DEFAULT_URI_LOOKUP : use;
+}
+
int
_krb5_use_dns_kdc(krb5_context context)
{
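Review bot: In use_dns_uri(), `return ret ? DEFAULT_URI_LOOKUP : use;` resolves every profile error to TRUE, so a dns_uri_lookup value that cannot be read as a boolean would presumably leave URI lookups enabled even though the administrator set the option to turn them off. That matches the behaviour of a missing option, but since the option exists to suppress DNS-derived KDC locations, the fallback deserves a comment such as `/* On any profile error, including an unparsable value, fall back to the default (enabled). */`, and ideally a trace message so the misconfiguration is visible. Separately, `use` is declared krb5_boolean while profile_get_boolean() appears to take an `int *` output argument. The prototype is not visible in this diff, so confirm it, and if so declare `int use;` to avoid a pointer-signedness mismatch.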
@@ -652,7 +665,7 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
int def_port;
krb5_boolean find_master = FALSE;
- if (!_krb5_use_dns_kdc(context))
+ if (!_krb5_use_dns_kdc(context) || !use_dns_uri(context))
return 0;
switch (svc) {
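Review bot: The condition `!_krb5_use_dns_kdc(context) || !use_dns_uri(context)` makes dns_uri_lookup subordinate to the existing KDC DNS switch, so `dns_uri_lookup = true` has no effect when that switch is off; neither the code nor the commit message says this. A short comment above the check would do, for example `/* URI lookups require DNS KDC lookups to be enabled and can additionally be disabled on their own. */`. The diffstat lists only the two source files, so the option appears to ship without a krb5.conf documentation entry or a test, and both should state the default and this precedence. The body of dns_locate_server_uri() starts and ends outside this hunk.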