diff options
author | Günther Deschner <gdeschner@redhat.com> | 2013-04-12 14:34:57 +0200 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-04-23 12:02:06 -0700 |
commit | 3bc4655d770e8105fbc0815d6c35512eec8b7223 (patch) | |
tree | be8f95ab8de93a789efd7afd7f988d005e584ea5 | |
parent | f7b3cd95cd812c6fdf9b66f771eb816d6002dc58 (diff) | |
download | gss-proxy-3bc4655d770e8105fbc0815d6c35512eec8b7223.tar.gz gss-proxy-3bc4655d770e8105fbc0815d6c35512eec8b7223.tar.xz gss-proxy-3bc4655d770e8105fbc0815d6c35512eec8b7223.zip |
Use mutivalued "cred_store" parameter, deprecate unused parameters.
The krb5_{ccache,keytab,client_keytab} parameters are replaced with a
multivalued "cred_store" parameter instead.
krb5_keytab = /etc/krb5.keytab
becomes:
cred_store = keytab:/etc/krb5.keytab
Likewise for the "krb5_ccache" and "krb5_client_keytab" parameters.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | proxy/src/gp_config.c | 58 | ||||
-rw-r--r-- | proxy/src/gp_proxy.h | 5 |
2 files changed, 36 insertions, 27 deletions
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c index 8f30c30..012094a 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c @@ -31,14 +31,26 @@ #include "gp_proxy.h" #include "gp_config.h" +static void free_str_array(char ***a) +{ + char **array = *a; + int i; + + if (!a) { + return; + } + for (i = 0; array[i]; i++) { + safefree(array[i]); + } + safefree(*a); +} + static void gp_service_free(struct gp_service *svc) { free(svc->name); if (svc->mechs & GP_CRED_KRB5) { free(svc->krb5.principal); - free(svc->krb5.keytab); - free(svc->krb5.ccache); - free(svc->krb5.client_keytab); + free_str_array(&(svc->krb5.cred_store)); } gp_free_creds_handle(&svc->creds_handle); memset(svc, 0, sizeof(struct gp_service)); @@ -60,7 +72,13 @@ static int get_krb5_mech_cfg(struct gp_service *svc, struct gp_ini_context *ctx, const char *secname) { - const char *value; + struct { const char *a; const char *b; } deprecated_vals[] = { + {"krb5_keytab", "keytab" }, + {"krb5_ccache", "ccache" }, + {"krb5_client_keytab", "client_keytab" } + }; + char *value; + int i; value = gp_config_get_string(ctx, secname, "krb5_principal"); if (value) { @@ -70,29 +88,21 @@ static int get_krb5_mech_cfg(struct gp_service *svc, } } - value = gp_config_get_string(ctx, secname, "krb5_keytab"); - if (value) { - svc->krb5.keytab = strdup(value); - if (!svc->krb5.keytab) { - return ENOMEM; + /* check for deprecated options */ + for (i = 0; i < 3; i++) { + value = gp_config_get_string(ctx, secname, deprecated_vals[i].a); + if (value) { + GPERROR("\"%s = %s\" is deprecated, " + "please use \"cred_store = %s:%s\"\n", + deprecated_vals[i].a, value, + deprecated_vals[i].b, value); + return EINVAL; } } - value = gp_config_get_string(ctx, secname, "krb5_ccache"); - if (value) { - svc->krb5.ccache = strdup(value); - if (!svc->krb5.ccache) { - return ENOMEM; - } - } - - value = gp_config_get_string(ctx, secname, "krb5_client_keytab"); - if (value) { - svc->krb5.client_keytab = strdup(value); - if (!svc->krb5.client_keytab) { - return ENOMEM; - } - } + svc->krb5.cred_store = gp_config_get_string_array(ctx, secname, + "cred_store", + &svc->krb5.cred_count); return 0; } diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h index 8895aa8..8f5a059 100644 --- a/proxy/src/gp_proxy.h +++ b/proxy/src/gp_proxy.h @@ -40,9 +40,8 @@ struct gp_cred_krb5 { char *principal; - char *keytab; - char *ccache; - char *client_keytab; + char **cred_store; + int cred_count; }; struct gp_creds_handle; |