Allow system credentials cache to be configured in krb5.conf
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14566 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -243,6 +243,10 @@ kcm_password_key_proc(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed;
|
||||
|
||||
/* we may be called multiple times */
|
||||
krb5_free_salt(context, s->salt);
|
||||
krb5_data_zero(&s->salt.saltvalue);
|
||||
|
||||
/* stash the salt */
|
||||
s->salt.salttype = salt.salttype;
|
||||
|
||||
@@ -285,7 +289,10 @@ get_salt_and_kvno(krb5_context context,
|
||||
|
||||
memset(&creds, 0, sizeof(creds));
|
||||
memset(&reply, 0, sizeof(reply));
|
||||
memset(&s, 0, sizeof(s));
|
||||
|
||||
s.password = NULL;
|
||||
s.salt.salttype = ETYPE_NULL;
|
||||
krb5_data_zero(&s.salt.saltvalue);
|
||||
|
||||
*kvno = 0;
|
||||
kcm_internal_ccache(context, ccache, &ccdata);
|
||||
@@ -495,7 +502,7 @@ change_pw_and_update_keytab(krb5_context context,
|
||||
|
||||
/* Add SPN aliases, if any */
|
||||
spns = krb5_config_get_strings(context, NULL, "kcm",
|
||||
"spn_aliases", NULL);
|
||||
"system_ccache", "spn_aliases", NULL);
|
||||
if (spns != NULL) {
|
||||
for (i = 0; spns[i] != NULL; i++) {
|
||||
ret = update_keytab_entries(context, ccache, etypes, cpn,
|
||||
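Review bot: In change_pw_and_update_keytab the `spn_aliases` lookup appears to move under the `system_ccache` sub-section with no fallback to the old location (the +/- markers are lost on this page, so the direction is inferred from the commit title). An existing krb5.conf that still sets `[kcm] spn_aliases` would then be ignored without any log message, and its alias entries would no longer be updated in the keytab after a password change. Consider reading the new key first and falling back to the old one: `if (spns == NULL) spns = krb5_config_get_strings(context, NULL, "kcm", "spn_aliases", NULL);`. The hunk ends inside the `for` loop, so whether the returned list is later released with `krb5_config_free_strings` cannot be checked from here.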
|
47
kcm/config.c
47
kcm/config.c
@@ -48,16 +48,16 @@ int detach_from_console = -1;
|
||||
#define DETACH_IS_DEFAULT FALSE
|
||||
#endif
|
||||
|
||||
static char *system_cache_name = NULL;
|
||||
static char *system_keytab = NULL;
|
||||
static char *system_principal = NULL;
|
||||
static char *system_server = NULL;
|
||||
static char *system_perms = NULL;
|
||||
static char *system_user = NULL;
|
||||
static char *system_group = NULL;
|
||||
static const char *system_cache_name = NULL;
|
||||
static const char *system_keytab = NULL;
|
||||
static const char *system_principal = NULL;
|
||||
static const char *system_server = NULL;
|
||||
static const char *system_perms = NULL;
|
||||
static const char *system_user = NULL;
|
||||
static const char *system_group = NULL;
|
||||
|
||||
static char *renew_life = NULL;
|
||||
static char *ticket_life = NULL;
|
||||
static const char *renew_life = NULL;
|
||||
static const char *ticket_life = NULL;
|
||||
|
||||
int name_constraints = -1;
|
||||
|
||||
@@ -197,12 +197,22 @@ static int parse_owners(kcm_ccache ccache)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const char *
|
||||
kcm_system_config_get_string(const char *string)
|
||||
{
|
||||
return krb5_config_get_string(kcm_context, NULL, "kcm",
|
||||
"system_ccache", string, NULL);
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
ccache_init_system(void)
|
||||
{
|
||||
kcm_ccache ccache;
|
||||
krb5_error_code ret;
|
||||
|
||||
if (system_cache_name == NULL)
|
||||
system_cache_name = kcm_system_config_get_string("cc_name");
|
||||
|
||||
ret = kcm_ccache_new(kcm_context,
|
||||
system_cache_name ? system_cache_name : "SYSTEM",
|
||||
&ccache);
|
||||
@@ -222,6 +232,9 @@ ccache_init_system(void)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (system_server == NULL)
|
||||
system_server = kcm_system_config_get_string("server");
|
||||
|
||||
if (system_server != NULL) {
|
||||
ret = krb5_parse_name(kcm_context, system_server, &ccache->server);
|
||||
if (ret) {
|
||||
@@ -230,6 +243,9 @@ ccache_init_system(void)
|
||||
}
|
||||
}
|
||||
|
||||
if (system_keytab == NULL)
|
||||
system_keytab = kcm_system_config_get_string("keytab_name");
|
||||
|
||||
if (system_keytab != NULL) {
|
||||
ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab);
|
||||
} else {
|
||||
@@ -240,6 +256,9 @@ ccache_init_system(void)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (renew_life == NULL)
|
||||
renew_life = kcm_system_config_get_string("renew_life");
|
||||
|
||||
if (renew_life == NULL)
|
||||
renew_life = "1 month";
|
||||
|
||||
@@ -251,6 +270,9 @@ ccache_init_system(void)
|
||||
}
|
||||
}
|
||||
|
||||
if (ticket_life == NULL)
|
||||
ticket_life = kcm_system_config_get_string("ticket_life");
|
||||
|
||||
if (ticket_life != NULL) {
|
||||
ccache->tkt_life = parse_time(ticket_life, "s");
|
||||
if (ccache->tkt_life < 0) {
|
||||
@@ -259,6 +281,9 @@ ccache_init_system(void)
|
||||
}
|
||||
}
|
||||
|
||||
if (system_perms == NULL)
|
||||
system_perms = kcm_system_config_get_string("mode");
|
||||
|
||||
if (system_perms != NULL) {
|
||||
int mode;
|
||||
|
||||
@@ -329,6 +354,10 @@ kcm_configure(int argc, char **argv)
|
||||
max_request = parse_bytes(p, NULL);
|
||||
}
|
||||
|
||||
if (system_principal == NULL) {
|
||||
system_principal = kcm_system_config_get_string("principal");
|
||||
}
|
||||
|
||||
if (system_principal != NULL) {
|
||||
ret = ccache_init_system();
|
||||
if (ret)
|
||||
|