sssd/0108-KRB5_LOCATOR-add-env-variable-to-disable-plugin.patch
Lukas Slebodnik 7bddea6c90 Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
                           file from package sssd-common-1.15.1-1.fc25.x86_64
Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
2017-04-29 23:49:52 +02:00

90 lines
3.3 KiB
Diff

From 1193f20a8267e506d863b27c74870c86c085902b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 17 Nov 2016 10:55:43 +0100
Subject: [PATCH 108/135] KRB5_LOCATOR: add env variable to disable plugin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If the new environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any
value SSSD's krb5 locator plugin is disabled. The variable is needed
because there is currently no other way than removing the plugin
completely to disable it. For a use-case see e.g.
https://bugzilla.redhat.com/show_bug.cgi?id=1072939.
Resolves:
https://pagure.io/SSSD/sssd/issue/3359
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/krb5_plugin/sssd_krb5_locator_plugin.c | 15 +++++++++++++++
src/man/sssd_krb5_locator_plugin.8.xml | 5 +++++
2 files changed, 20 insertions(+)
diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
index aa8d387a5d0be302e5cc98ddcf10ebce6957f3a5..7c17fcb33373293fbbbe2be967dca57b31ef13de 100644
--- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
+++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -45,6 +45,7 @@
#define BUFSIZE 512
#define PORT_STR_SIZE 7
#define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG"
+#define SSSD_KRB5_LOCATOR_DISABLE "SSSD_KRB5_LOCATOR_DISABLE"
#define DEBUG_KEY "[sssd_krb5_locator] "
#define PLUGIN_DEBUG(body) do { \
if (ctx->debug) { \
@@ -59,6 +60,7 @@ struct sssd_ctx {
char *kpasswd_addr;
uint16_t kpasswd_port;
bool debug;
+ bool disabled;
};
void plugin_debug_fn(const char *format, ...)
@@ -232,6 +234,14 @@ krb5_error_code sssd_krb5_locator_init(krb5_context context,
PLUGIN_DEBUG(("sssd_krb5_locator_init called\n"));
}
+ dummy = getenv(SSSD_KRB5_LOCATOR_DISABLE);
+ if (dummy == NULL) {
+ ctx->disabled = false;
+ } else {
+ ctx->disabled = true;
+ PLUGIN_DEBUG(("SSSD KRB5 locator plugin is disabled.\n"));
+ }
+
*private_data = ctx;
return 0;
@@ -273,6 +283,11 @@ krb5_error_code sssd_krb5_locator_lookup(void *private_data,
if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE;
ctx = (struct sssd_ctx *) private_data;
+ if (ctx->disabled) {
+ PLUGIN_DEBUG(("Plugin disabled, nothing to do.\n"));
+ return KRB5_PLUGIN_NO_HANDLE;
+ }
+
if (ctx->sssd_realm == NULL || strcmp(ctx->sssd_realm, realm) != 0) {
free(ctx->sssd_realm);
ctx->sssd_realm = strdup(realm);
diff --git a/src/man/sssd_krb5_locator_plugin.8.xml b/src/man/sssd_krb5_locator_plugin.8.xml
index 25a20c88fcd4c2b3f644da24b34a4d5e9eb80ed3..d28546012802955c2594680e53698518f0178ab1 100644
--- a/src/man/sssd_krb5_locator_plugin.8.xml
+++ b/src/man/sssd_krb5_locator_plugin.8.xml
@@ -69,6 +69,11 @@
If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any
value debug messages will be sent to stderr.
</para>
+ <para>
+ If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any
+ value the plugin is disabled and will just return
+ KRB5_PLUGIN_NO_HANDLE to the caller.
+ </para>
</refsect1>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
--
2.12.2