From: Matt Rogers <mrogers@redhat.com>
Date: Wed, 24 Aug 2016 04:42:16 +0000 (-0400)
Subject: Add configuration option for URI lookups
X-Git-Tag: krb5-1.15-beta1~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74e5336d432af45ef97b4bd0a5ca4853e38b1c7f;p=thirdparty%2Fkrb5.git

Add configuration option for URI lookups

Add the boolean option 'dns_uri_lookup' to krb5.conf's libdefaults
section, to allow disabling URI lookups seperately from SRV lookups.
The default value is 'true'.

ticket: 8496
---

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index eb73fa75a0..add0bc34e5 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -209,6 +209,7 @@ typedef unsigned char   u_char;
 #define KRB5_CONF_DNS_FALLBACK                 "dns_fallback"
 #define KRB5_CONF_DNS_LOOKUP_KDC               "dns_lookup_kdc"
 #define KRB5_CONF_DNS_LOOKUP_REALM             "dns_lookup_realm"
+#define KRB5_CONF_DNS_URI_LOOKUP               "dns_uri_lookup"
 #define KRB5_CONF_DOMAIN_REALM                 "domain_realm"
 #define KRB5_CONF_ENABLE_ONLY                  "enable_only"
 #define KRB5_CONF_ERR_FMT                      "err_fmt"
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index b37dfda03c..5d74c8315e 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -45,6 +45,7 @@
 #else
 #define DEFAULT_LOOKUP_REALM 0
 #endif
+#define DEFAULT_URI_LOOKUP TRUE
 
 static int
 maybe_use_dns (krb5_context context, const char *name, int defalt)
@@ -70,6 +71,18 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
     return use_dns;
 }
 
+static krb5_boolean
+use_dns_uri(krb5_context ctx)
+{
+    krb5_error_code ret;
+    krb5_boolean use;
+
+    ret = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_DNS_URI_LOOKUP, NULL,
+                              DEFAULT_URI_LOOKUP, &use);
+    return ret ? DEFAULT_URI_LOOKUP : use;
+}
+
 int
 _krb5_use_dns_kdc(krb5_context context)
 {
@@ -652,7 +665,7 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
     int def_port;
     krb5_boolean find_master = FALSE;
 
-    if (!_krb5_use_dns_kdc(context))
+    if (!_krb5_use_dns_kdc(context) || !use_dns_uri(context))
         return 0;
 
     switch (svc) {