dovecot-1.2: Added support for gssapi_hostname=$ALL for multihom...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-1.2/rev/9ca5e8f66d10
changeset: 8093:9ca5e8f66d10
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Aug 13 14:59:10 2008 -0400
description:
Added support for gssapi_hostname=$ALL for multihomed hosts.
Patch by Jason Gunthorpe.

diffstat:

2 files changed, 8 insertions(+), 1 deletion(-)
dovecot-example.conf   |    2 +-
src/auth/mech-gssapi.c |    7 +++++++

diffs (29 lines):

diff -r 29b623366e1e -r 9ca5e8f66d10 dovecot-example.conf
--- a/dovecot-example.conf	Wed Aug 13 14:36:11 2008 -0400
+++ b/dovecot-example.conf	Wed Aug 13 14:59:10 2008 -0400
@@ -779,7 +779,7 @@ protocol lda {
 #auth_worker_max_request_count = 0
 
 # Host name to use in GSSAPI principal names. The default is to use the
-# name returned by gethostname().
+# name returned by gethostname(). Use "$ALL" to allow all keytab entries.
 #auth_gssapi_hostname =
 
 # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 
diff -r 29b623366e1e -r 9ca5e8f66d10 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c	Wed Aug 13 14:36:11 2008 -0400
+++ b/src/auth/mech-gssapi.c	Wed Aug 13 14:59:10 2008 -0400
@@ -138,6 +138,13 @@ static OM_uint32 obtain_service_credenti
 	gss_buffer_desc inbuf;
 	gss_name_t gss_principal;
 	const char *service_name;
+
+	if (strcmp(request->auth->gssapi_hostname, "$ALL") == 0) {
+		auth_request_log_info(request, "gssapi",
+				      "Using all keytab entries");
+		*ret = GSS_C_NO_CREDENTIAL;
+		return GSS_S_COMPLETE;
+	}
 
 	if (strcasecmp(request->service, "POP3") == 0) {
 		/* The standard POP3 service name with GSSAPI is called