From 399518984f37bd67d2d547de66efb875bc21ccbc Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Jan 07 2013 14:45:07 +0000
Subject: Search for SHORTNAME$@REALM instead of fqdn$@REALM by default


The search was intended for the AD provider mostly, but keytabs coming
from AD via samba don't contain fqdn$@REALM but rather uppercased
SHORTNAME$@REALM

https://fedorahosted.org/sssd/ticket/1740

---

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 1b8dc79..bb61d10 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -26,6 +26,35 @@
 #include "util/util.h"
 #include "util/sss_krb5.h"
 
+static char *
+get_primary(TALLOC_CTX *mem_ctx, const char *pattern, const char *hostname)
+{
+    char *primary;
+    char *dot;
+    char *c;
+    char *shortname;
+
+    if (strcmp(pattern, "%S$") == 0) {
+        shortname = talloc_strdup(mem_ctx, hostname);
+        if (!shortname) return NULL;
+
+        dot = strchr(shortname, '.');
+        if (dot) {
+            *dot = '\0';
+        }
+
+        for (c=shortname; *c != '\0'; ++c) {
+            *c = toupper(*c);
+        }
+
+        primary = talloc_asprintf(mem_ctx, "%s$", shortname);
+        talloc_free(shortname);
+        return primary;
+    }
+
+    return talloc_asprintf(mem_ctx, pattern, hostname);
+}
+
 errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
                                      const char *hostname,
                                      const char *desired_realm,
@@ -48,16 +77,19 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
     int realm_len;
 
     /**
+     * The %s conversion is passed as-is, the %S conversion is translated to
+     * "short host name"
+     *
      * Priority of lookup:
      * - our.hostname@REALM or host/our.hostname@REALM depending on the input
-     * - our.hostname$@REALM (AD domain)
+     * - SHORT.HOSTNAME$@REALM (AD domain)
      * - host/our.hostname@REALM
      * - foobar$@REALM (AD domain)
      * - host/foobar@REALM
      * - host/foo@BAR
      * - pick the first principal in the keytab
      */
-    const char *primary_patterns[] = {"%s", "%s$", "host/%s", "*$", "host/*",
+    const char *primary_patterns[] = {"%s", "%S$", "host/%s", "*$", "host/*",
                                       "host/*", NULL};
     const char *realm_patterns[] =   {"%s", "%s",  "%s",      "%s", "%s",
                                       NULL,     NULL};
@@ -99,7 +131,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 
     do {
         if (primary_patterns[i]) {
-            primary = talloc_asprintf(tmp_ctx, primary_patterns[i], hostname);
+            primary = get_primary(tmp_ctx, primary_patterns[i], hostname);
             if (primary == NULL) {
                 ret = ENOMEM;
                 goto done;