From 58b77bb485f43c9e9c8b6f37dc8201d0bebfe748 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Mon, 31 Dec 2018 18:18:08 +1100
Subject: [PATCH] krb5: fix a couple of missing options in verify_krb5_conf

---
 lib/krb5/verify_krb5_conf.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/verify_krb5_conf.c b/lib/krb5/verify_krb5_conf.c
index 232f2db18..12bd33701 100644
--- a/lib/krb5/verify_krb5_conf.c
+++ b/lib/krb5/verify_krb5_conf.c
@@ -216,6 +216,20 @@ check_host(krb5_context context, const char *path, char *data)
     return 0;
 }
 
+static int
+check_directory(krb5_context context, const char *path, char *data)
+{
+    DIR *d = opendir(data);
+    if (d == NULL) {
+	krb5_warn(context, errno, "%s: could not open directory `%s'",
+		  path, data);
+	return 1;
+    }
+
+    closedir(d);
+    return 0;
+}
+
 static int
 mit_entry(krb5_context context, const char *path, char *data)
 {
@@ -399,7 +413,7 @@ struct entry libdefaults_entries[] = {
     { "default_keytab_modify_name", krb5_config_string, NULL, 0 },
     { "default_realm", krb5_config_string, NULL, 0 },
     { "default_tgs_etypes", krb5_config_string, NULL, 0 },
-    { "dns_canonize_hostname", krb5_config_string, check_boolean, 0 },
+    { "dns_canonicalize_hostname", krb5_config_string, check_boolean, 0 },
     { "dns_proxy", krb5_config_string, NULL, 0 },
     { "dns_lookup_kdc", krb5_config_string, check_boolean, 0 },
     { "dns_lookup_realm", krb5_config_string, check_boolean, 0 },
@@ -429,6 +443,7 @@ struct entry libdefaults_entries[] = {
     { "name_canon_rules", krb5_config_string, NULL, 0 },
     { "no-addresses", krb5_config_string, check_boolean, 0 },
     { "pkinit_dh_min_bits", krb5_config_string, NULL, 0 },
+    { "plugin_dir", krb5_config_string, check_directory, 0 },
     { "proxiable", krb5_config_string, check_boolean, 0 },
     { "renew_lifetime", krb5_config_string, check_time, 0 },
     { "scan_interfaces", krb5_config_string, check_boolean, 0 },
@@ -572,6 +587,7 @@ struct entry kdc_entries[] = {
     { "logging", krb5_config_string, check_log, 0 },
     { "max-kdc-datagram-reply-length", krb5_config_string, check_bytes, 0 },
     { "max-request", krb5_config_string, check_bytes, 0 },
+    { "num-kdc-processes", krb5_config_string, check_numeric, 0 },
     { "pkinit_allow_proxy_certificate", krb5_config_string, check_boolean, 0 },
     { "pkinit_anchors", krb5_config_string, NULL, 0 },
     { "pkinit_dh_min_bits", krb5_config_string, check_numeric, 0 },
@@ -587,6 +603,7 @@ struct entry kdc_entries[] = {
     { "preauth-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
     { "require_initial_kca_tickets", krb5_config_string, check_boolean, 0 },
     { "require-preauth", krb5_config_string, check_boolean, 0 },
+    { "strict-nametypes", krb5_config_string, check_boolean, 0 },
     { "svc-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
     { "tgt-use-strongest-session-key", krb5_config_string, check_boolean, 0 },
     { "transited-policy", krb5_config_string, NULL, 0 },
@@ -600,6 +617,7 @@ struct entry kadmin_entries[] = {
     { "allow_self_change_password", krb5_config_string, check_boolean, 0 },
     { "default_keys", krb5_config_string, NULL, 0 },
     { "password_lifetime", krb5_config_string, check_time, 0 },
+    { "plugin_dir", krb5_config_string, check_directory, 0 },
     { "require-preauth", krb5_config_string, check_boolean, 0 },
     { "save-password", krb5_config_string, check_boolean, 0 },
     { "use_v4_salt", krb5_config_string, NULL, 0 },