# HG changeset patch # User Timo Sirainen # Date 1175031719 -10800 # Node ID c5401a8f46790f88dca6afd747d64b9c719078f9 # Parent 97f9bdbe924dcaebbbce70811522271d2fa329ff Added auth_gssapi_hostname setting. diff -r 97f9bdbe924d -r c5401a8f4679 dovecot-example.conf --- a/dovecot-example.conf Wed Mar 28 00:32:25 2007 +0300 +++ b/dovecot-example.conf Wed Mar 28 00:41:59 2007 +0300 @@ -742,6 +742,10 @@ # automatically created and destroyed as needed. #auth_worker_max_count = 30 +# Host name to use in GSSAPI principal names. The default is to use the +# name returned by gethostname(). +#auth_gssapi_hostname = + # Kerberos keytab to use for the GSSAPI mechanism. Will use the system # default (usually /etc/krb5.keytab) if not specified. #auth_krb5_keytab = diff -r 97f9bdbe924d -r c5401a8f4679 src/auth/auth.c --- a/src/auth/auth.c Wed Mar 28 00:32:25 2007 +0300 +++ b/src/auth/auth.c Wed Mar 28 00:41:59 2007 +0300 @@ -4,6 +4,7 @@ #include "network.h" #include "buffer.h" #include "str.h" +#include "hostpid.h" #include "mech.h" #include "userdb.h" #include "passdb.h" @@ -262,6 +263,12 @@ if (env != NULL && *env != '\0') auth->username_format = env; + env = getenv("GSSAPI_HOSTNAME"); + if (env != NULL && *env != '\0') + auth->gssapi_hostname = env; + else + auth->gssapi_hostname = my_hostname; + env = getenv("MASTER_USER_SEPARATOR"); if (env != NULL) auth->master_user_separator = env[0]; diff -r 97f9bdbe924d -r c5401a8f4679 src/auth/auth.h --- a/src/auth/auth.h Wed Mar 28 00:32:25 2007 +0300 +++ b/src/auth/auth.h Wed Mar 28 00:41:59 2007 +0300 @@ -46,6 +46,7 @@ const char *default_realm; const char *anonymous_username; const char *username_format; + const char *gssapi_hostname; char username_chars[256]; char username_translation[256]; char master_user_separator; diff -r 97f9bdbe924d -r c5401a8f4679 src/auth/mech-gssapi.c --- a/src/auth/mech-gssapi.c Wed Mar 28 00:32:25 2007 +0300 +++ b/src/auth/mech-gssapi.c Wed Mar 28 00:41:59 2007 +0300 @@ -20,7 +20,6 @@ #include "buffer.h" #include "hex-binary.h" #include "safe-memset.h" -#include "hostpid.h" #ifdef HAVE_GSSAPI @@ -113,7 +112,7 @@ principal_name = t_str_new(128); str_append(principal_name, service_name); str_append_c(principal_name, '@'); - str_append(principal_name, my_hostname); + str_append(principal_name, request->auth->gssapi_hostname); auth_request_log_info(request, "gssapi", "Obtaining credentials for %s", str_c(principal_name)); diff -r 97f9bdbe924d -r c5401a8f4679 src/master/auth-process.c --- a/src/master/auth-process.c Wed Mar 28 00:32:25 2007 +0300 +++ b/src/master/auth-process.c Wed Mar 28 00:41:59 2007 +0300 @@ -477,6 +477,10 @@ /* Environment used by Kerberos 5 library directly */ env_put(t_strconcat("KRB5_KTNAME=", set->krb5_keytab, NULL)); } + if (*set->gssapi_hostname != '\0') { + env_put(t_strconcat("GSSAPI_HOSTNAME=", + set->gssapi_hostname, NULL)); + } restrict_process_size(set->process_size, (unsigned int)-1); } diff -r 97f9bdbe924d -r c5401a8f4679 src/master/master-settings.c --- a/src/master/master-settings.c Wed Mar 28 00:32:25 2007 +0300 +++ b/src/master/master-settings.c Wed Mar 28 00:41:59 2007 +0300 @@ -70,6 +70,7 @@ DEF(SET_STR, master_user_separator), DEF(SET_STR, anonymous_username), DEF(SET_STR, krb5_keytab), + DEF(SET_STR, gssapi_hostname), DEF(SET_BOOL, verbose), DEF(SET_BOOL, debug), @@ -287,6 +288,7 @@ MEMBER(master_user_separator) "", MEMBER(anonymous_username) "anonymous", MEMBER(krb5_keytab) "", + MEMBER(gssapi_hostname) "", MEMBER(verbose) FALSE, MEMBER(debug) FALSE, diff -r 97f9bdbe924d -r c5401a8f4679 src/master/master-settings.h --- a/src/master/master-settings.h Wed Mar 28 00:32:25 2007 +0300 +++ b/src/master/master-settings.h Wed Mar 28 00:41:59 2007 +0300 @@ -187,6 +187,7 @@ const char *master_user_separator; const char *anonymous_username; const char *krb5_keytab; + const char *gssapi_hostname; bool verbose, debug, debug_passwords; bool ssl_require_client_cert;