Add configuration option for URI lookups

Add the boolean option 'dns_uri_lookup' to krb5.conf's libdefaults section, to allow disabling URI lookups seperately from SRV lookups. The default value is 'true'. ticket: 8496
krb5 · Sep 19, 2016 · 74e5336 · 74e5336
1 parent 71f523a
commit 74e5336
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
@@ -209,6 +209,7 @@ typedef unsigned char   u_char;
 #define KRB5_CONF_DNS_FALLBACK                 "dns_fallback"
 #define KRB5_CONF_DNS_LOOKUP_KDC               "dns_lookup_kdc"
 #define KRB5_CONF_DNS_LOOKUP_REALM             "dns_lookup_realm"
+#define KRB5_CONF_DNS_URI_LOOKUP               "dns_uri_lookup"
 #define KRB5_CONF_DOMAIN_REALM                 "domain_realm"
 #define KRB5_CONF_ENABLE_ONLY                  "enable_only"
 #define KRB5_CONF_ERR_FMT                      "err_fmt"

diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
@@ -45,6 +45,7 @@
 #else
 #define DEFAULT_LOOKUP_REALM 0
 #endif
+#define DEFAULT_URI_LOOKUP TRUE
 
 static int
 maybe_use_dns (krb5_context context, const char *name, int defalt)
@@ -70,6 +71,18 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
     return use_dns;
 }
 
+static krb5_boolean
+use_dns_uri(krb5_context ctx)
+{
+    krb5_error_code ret;
+    krb5_boolean use;
+
+    ret = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_DNS_URI_LOOKUP, NULL,
+                              DEFAULT_URI_LOOKUP, &use);
+    return ret ? DEFAULT_URI_LOOKUP : use;
+}
+
 int
 _krb5_use_dns_kdc(krb5_context context)
 {
@@ -652,7 +665,7 @@ dns_locate_server_uri(krb5_context context, const krb5_data *realm,
     int def_port;
     krb5_boolean find_master = FALSE;
 
-    if (!_krb5_use_dns_kdc(context))
+    if (!_krb5_use_dns_kdc(context) || !use_dns_uri(context))
         return 0;
 
     switch (svc) {