Add profile support for libdefaults dns_fallback

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11586 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 4d69783957e30059e12eb10db3a137b3f4ab68c5..690dcc633ed5b4f95dbb50caeec439ad01f0e26a 100644 (file)
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -65,18 +65,34 @@ krb5_get_default_realm(context, lrealm)
            return KV5M_CONTEXT;
 
     if (!context->default_realm) {
-           /*
-            * XXX should try to figure out a reasonable default based
-            * on the host's DNS domain.
-            */
-           context->default_realm = 0;
-           if (context->profile == 0)
-                   return KRB5_CONFIG_CANTOPEN;
-           retval = profile_get_string(context->profile, "libdefaults",
-                                       "default_realm", 0, 0,
-                                       &context->default_realm);
+        /*
+         * XXX should try to figure out a reasonable default based
+         * on the host's DNS domain.
+         */
+        context->default_realm = 0;
+        if (context->profile == 0)
+            return KRB5_CONFIG_CANTOPEN;
+        retval = profile_get_string(context->profile, "libdefaults",
+                                     "default_realm", 0, 0,
+                                     &context->default_realm);
 #ifdef KRB5_DNS_LOOKUP
-           if (context->default_realm == 0) {
+        if (context->default_realm == 0) {
+            int use_dns=0;
+            char * string=NULL;
+            krb5_error_code retval2;
+
+            retval2 = profile_get_string(context->profile, "libdefaults",
+                                          "dns_fallback", 0, 
+                                          context->profile_in_memory?"1":"0",
+                                          &string);
+            if ( retval2 )
+                return(retval2);
+
+            if ( string ) {
+                use_dns = krb5_conf_boolean(string);
+                free(string);
+            }
+            if ( use_dns ) {
                /*
                 * Since this didn't appear in our config file, try looking
                 * it up via DNS.  Look for a TXT records of the form:
@@ -111,22 +127,23 @@ krb5_get_default_realm(context, lrealm)
                if (retval) {
                    return(KRB5_CONFIG_NODEFREALM);
                }
-           }
+            }
+        }
 #endif /* KRB5_DNS_LOOKUP */
     }
 
     if (context->default_realm == 0)
        return(KRB5_CONFIG_NODEFREALM);
     if (context->default_realm[0] == 0) {
-           free (context->default_realm);
-           context->default_realm = 0;
-           return KRB5_CONFIG_NODEFREALM;
+        free (context->default_realm);
+        context->default_realm = 0;
+        return KRB5_CONFIG_NODEFREALM;
     }
 
     realm = context->default_realm;
     
     if (!(*lrealm = cp = malloc((unsigned int) strlen(realm) + 1)))
-           return ENOMEM;
+        return ENOMEM;
     strcpy(cp, realm);
     return(0);
 }

diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index a2c76ade21c70b148a39e6d82a881fa17813e906..3bd766ea58acd8f83b80bf9b4386a8653a72836f 100644 (file)
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -287,32 +287,49 @@ krb5_get_host_realm(context, host, realmsp)
 
 #ifdef KRB5_DNS_LOOKUP
     if (realm == (char *)NULL) {
-        /*
-        * Since this didn't appear in our config file, try looking
-        * it up via DNS.  Look for a TXT records of the form:
-        *
-        * _kerberos.<hostname>
-        * _kerberos.<searchlist>
-        * _kerberos.<defaultrealm>
-        *
-        */
-        cp = local_host;
-        do {
-            retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
-            cp = strchr(cp,'.');
-            if (cp) 
-                cp++;
-        } while (retval && cp && cp[0]);
-        if (retval)
-            retval = krb5_try_realm_txt_rr("_kerberos", "", &realm);
-        if (retval && default_realm) {
-            cp = default_realm;
+        int use_dns=0;
+        char * string=NULL;
+        krb5_error_code retval2;
+
+        retval2 = profile_get_string(context->profile, "libdefaults",
+                                      "dns_fallback", 0, 
+                                      context->profile_in_memory?"1":"0",
+                                      &string);
+        if ( retval2 )
+            return(retval2);
+
+        if ( string ) {
+            use_dns = krb5_conf_boolean(string);
+            free(string);
+        }
+        if ( use_dns ) {
+            /*
+             * Since this didn't appear in our config file, try looking
+             * it up via DNS.  Look for a TXT records of the form:
+             *
+             * _kerberos.<hostname>
+             * _kerberos.<searchlist>
+             * _kerberos.<defaultrealm>
+             *
+             */
+            cp = local_host;
             do {
                 retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
                 cp = strchr(cp,'.');
                 if (cp) 
                     cp++;
             } while (retval && cp && cp[0]);
+            if (retval)
+                retval = krb5_try_realm_txt_rr("_kerberos", "", &realm);
+            if (retval && default_realm) {
+                cp = default_realm;
+                do {
+                    retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
+                    cp = strchr(cp,'.');
+                    if (cp) 
+                        cp++;
+                } while (retval && cp && cp[0]);
+            }
         }
     }
 #endif /* KRB5_DNS_LOOKUP */