oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Allow system credentials cache to be configured in krb5.conf

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14566 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Luke Howard
2005-02-06 01:22:49 +00:00
parent dbc6d542fd
commit d3bff0ec79
2 changed files with 47 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
kcm/acquire.c
View File

@@ -243,6 +243,10 @@ kcm_password_key_proc(krb5_context context,
krb5_error_code ret; krb5_error_code ret;
struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed; struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed;
/* we may be called multiple times */
krb5_free_salt(context, s->salt);
krb5_data_zero(&s->salt.saltvalue);
/* stash the salt */ /* stash the salt */
s->salt.salttype = salt.salttype; s->salt.salttype = salt.salttype;
@@ -285,7 +289,10 @@ get_salt_and_kvno(krb5_context context,
memset(&creds, 0, sizeof(creds)); memset(&creds, 0, sizeof(creds));
memset(&reply, 0, sizeof(reply)); memset(&reply, 0, sizeof(reply));
memset(&s, 0, sizeof(s));
s.password = NULL;
s.salt.salttype = ETYPE_NULL;
krb5_data_zero(&s.salt.saltvalue);
*kvno = 0; *kvno = 0;
kcm_internal_ccache(context, ccache, &ccdata); kcm_internal_ccache(context, ccache, &ccdata);
@@ -495,7 +502,7 @@ change_pw_and_update_keytab(krb5_context context,
/* Add SPN aliases, if any */ /* Add SPN aliases, if any */
spns = krb5_config_get_strings(context, NULL, "kcm", spns = krb5_config_get_strings(context, NULL, "kcm",
"spn_aliases", NULL); "system_ccache", "spn_aliases", NULL);
if (spns != NULL) { if (spns != NULL) {
for (i = 0; spns[i] != NULL; i++) { for (i = 0; spns[i] != NULL; i++) {
ret = update_keytab_entries(context, ccache, etypes, cpn, ret = update_keytab_entries(context, ccache, etypes, cpn,

47
kcm/config.c
View File

@@ -48,16 +48,16 @@ int detach_from_console = -1;
#define DETACH_IS_DEFAULT FALSE #define DETACH_IS_DEFAULT FALSE
#endif #endif
static char *system_cache_name = NULL; static const char *system_cache_name = NULL;
static char *system_keytab = NULL; static const char *system_keytab = NULL;
static char *system_principal = NULL; static const char *system_principal = NULL;
static char *system_server = NULL; static const char *system_server = NULL;
static char *system_perms = NULL; static const char *system_perms = NULL;
static char *system_user = NULL; static const char *system_user = NULL;
static char *system_group = NULL; static const char *system_group = NULL;
static char *renew_life = NULL; static const char *renew_life = NULL;
static char *ticket_life = NULL; static const char *ticket_life = NULL;
int name_constraints = -1; int name_constraints = -1;
@@ -197,12 +197,22 @@ static int parse_owners(kcm_ccache ccache)
return 0; return 0;
} }
static const char *
kcm_system_config_get_string(const char *string)
{
return krb5_config_get_string(kcm_context, NULL, "kcm",
"system_ccache", string, NULL);
}
static krb5_error_code static krb5_error_code
ccache_init_system(void) ccache_init_system(void)
{ {
kcm_ccache ccache; kcm_ccache ccache;
krb5_error_code ret; krb5_error_code ret;
if (system_cache_name == NULL)
system_cache_name = kcm_system_config_get_string("cc_name");
ret = kcm_ccache_new(kcm_context, ret = kcm_ccache_new(kcm_context,
system_cache_name ? system_cache_name : "SYSTEM", system_cache_name ? system_cache_name : "SYSTEM",
&ccache); &ccache);
@@ -222,6 +232,9 @@ ccache_init_system(void)
return ret; return ret;
} }
if (system_server == NULL)
system_server = kcm_system_config_get_string("server");
if (system_server != NULL) { if (system_server != NULL) {
ret = krb5_parse_name(kcm_context, system_server, &ccache->server); ret = krb5_parse_name(kcm_context, system_server, &ccache->server);
if (ret) { if (ret) {
@@ -230,6 +243,9 @@ ccache_init_system(void)
} }
} }
if (system_keytab == NULL)
system_keytab = kcm_system_config_get_string("keytab_name");
if (system_keytab != NULL) { if (system_keytab != NULL) {
ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab); ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab);
} else { } else {
@@ -240,6 +256,9 @@ ccache_init_system(void)
return ret; return ret;
} }
if (renew_life == NULL)
renew_life = kcm_system_config_get_string("renew_life");
if (renew_life == NULL) if (renew_life == NULL)
renew_life = "1 month"; renew_life = "1 month";
@@ -251,6 +270,9 @@ ccache_init_system(void)
} }
} }
if (ticket_life == NULL)
ticket_life = kcm_system_config_get_string("ticket_life");
if (ticket_life != NULL) { if (ticket_life != NULL) {
ccache->tkt_life = parse_time(ticket_life, "s"); ccache->tkt_life = parse_time(ticket_life, "s");
if (ccache->tkt_life < 0) { if (ccache->tkt_life < 0) {
@@ -259,6 +281,9 @@ ccache_init_system(void)
} }
} }
if (system_perms == NULL)
system_perms = kcm_system_config_get_string("mode");
if (system_perms != NULL) { if (system_perms != NULL) {
int mode; int mode;
@@ -329,6 +354,10 @@ kcm_configure(int argc, char **argv)
max_request = parse_bytes(p, NULL); max_request = parse_bytes(p, NULL);
} }
if (system_principal == NULL) {
system_principal = kcm_system_config_get_string("principal");
}
if (system_principal != NULL) { if (system_principal != NULL) {
ret = ccache_init_system(); ret = ccache_init_system();
if (ret) if (ret)