diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-07-24 16:26:28 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-07-24 16:26:28 -0400 |
commit | 688a2702d2045abf5f99acfb59f3f372391e5be4 (patch) | |
tree | 191c3f0e11012369929598a1f6e16951e4561aab /src | |
parent | 4a788fb072b06ab25fb39c7720e2fe7bb79fd7f4 (diff) | |
download | krb5-688a2702d2045abf5f99acfb59f3f372391e5be4.tar.gz krb5-688a2702d2045abf5f99acfb59f3f372391e5be4.tar.xz krb5-688a2702d2045abf5f99acfb59f3f372391e5be4.zip |
Support changing the built-in ccache/keytab names
* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
names.
* In the default build, use krb5-config to discover the system's
built-in ccache and keytab names and use them (if not overridden).
This can be controlled with the --with-krb5-config=PATH or
--without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.
ticket: 7221 (new)
Diffstat (limited to 'src')
-rw-r--r-- | src/configure.in | 35 | ||||
-rw-r--r-- | src/include/osconf.hin | 4 | ||||
-rw-r--r-- | src/include/win-mac.h | 3 | ||||
-rw-r--r-- | src/krb5-config.M | 9 | ||||
-rwxr-xr-x | src/krb5-config.in | 35 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 | ||||
-rw-r--r-- | src/lib/krb5/os/ccdefname.c | 6 | ||||
-rw-r--r-- | src/lib/krb5/os/ktdefname.c | 7 | ||||
-rw-r--r-- | src/lib/krb5/os/osconfig.c | 2 | ||||
-rw-r--r-- | src/man/Makefile.in | 8 |
10 files changed, 92 insertions, 18 deletions
diff --git a/src/configure.in b/src/configure.in index b1661f08b2..c7c92d923d 100644 --- a/src/configure.in +++ b/src/configure.in @@ -1251,6 +1251,41 @@ if test "${localedir+set}" != set; then fi AC_SUBST(localedir) +# Build-time default ccache, keytab, and client keytab names. These +# can be given as variable arguments DEFCCNAME, DEFKTNAME, and +# DEFCKTNAME. Otherwise, we try to get the OS defaults from +# krb5-config if we can, or fall back to hardcoded defaults. +AC_ARG_VAR(DEFCCNAME, [Default ccache name]) +AC_ARG_VAR(DEFKTNAME, [Default keytab name]) +AC_ARG_VAR(DEFCKTNAME, [Default client keytab name]) +AC_ARG_WITH([krb5-config], + AC_HELP_STRING([--with-krb5-config=PATH], + [path to existing krb5-config program for defaults]), , + [with_krb5_config=krb5-config]) +if test "x$with_krb5_config" != xno; then + if test "x$with_krb5_config" = xyes; then + with_krb5_config=krb5-config + fi + if $with_krb5_config --help 2>&1 | grep -q defccname; then + AC_MSG_NOTICE([Using $with_krb5_config for build defaults]) + : "${DEFCCNAME=`$with_krb5_config --defccname`}" + : "${DEFKTNAME=`$with_krb5_config --defktname`}" + : "${DEFCKTNAME=`$with_krb5_config --defcktname`}" + fi +fi +if test "${DEFCCNAME+set}" != set; then + DEFCCNAME=FILE:/tmp/krb5cc_%{uid} +fi +: "${DEFKTNAME=FILE:/etc/krb5.keytab}" +: "${DEFCKTNAME=FILE:/etc/krb5.client-keytab}" +AC_MSG_NOTICE([Default ccache name: $DEFCCNAME]) +AC_MSG_NOTICE([Default keytab name: $DEFKTNAME]) +AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME]) +AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name]) +AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name]) +AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"], + [Define to default client keytab name]) + AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) V5_AC_OUTPUT_MAKEFILE(. diff --git a/src/include/osconf.hin b/src/include/osconf.hin index 803d73bd55..c3a33c22b2 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -42,8 +42,6 @@ #if defined(_WIN32) #define DEFAULT_PROFILE_FILENAME "krb5.ini" -#define DEFAULT_KEYTAB_NAME "FILE:%{WINDOWS}\\krb5kt" -#define DEFAULT_CLIENT_KEYTAB_NAME "FILE:%{WINDOWS}\\krb5clientkt" #else /* !_WINDOWS */ #if TARGET_OS_MAC #define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf" @@ -55,8 +53,6 @@ #define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf" #define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH #endif -#define DEFAULT_KEYTAB_NAME "FILE:/etc/krb5.keytab" -#define DEFAULT_CLIENT_KEYTAB_NAME "FILE:/etc/krb5.client-keytab" #endif /* _WINDOWS */ #define DEFAULT_PLUGIN_BASE_DIR "@LIBDIR/krb5/plugins" diff --git a/src/include/win-mac.h b/src/include/win-mac.h index 2274d8a51d..daec295b2c 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h @@ -231,6 +231,9 @@ HINSTANCE get_lib_instance(void); #define THREEPARAMOPEN(x,y,z) open(x,y,z) +#define DEFKTNAME "FILE:%{WINDOWS}\\krb5kt" +#define DEFCKTNAME "FILE:%{WINDOWS}\\krb5clientkt" + #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #endif diff --git a/src/krb5-config.M b/src/krb5-config.M index 56661aee7e..ccc869836f 100644 --- a/src/krb5-config.M +++ b/src/krb5-config.M @@ -53,6 +53,15 @@ prints the prefix with which Kerberos was built. \fB\--exec-prefix\fP prints the exec-prefix with which Kerberos was built. .TP +\fB\--defccname\fP +prints the built-in default credential cache name. +.TP +\fB\--defktname\fP +prints the built-in default keytab name. +.TP +\fB\--defcktname\fP +prints the built-in default client keytab name. +.TP \fB\--cflags\fP prints the compiler flags with which Kerberos was built. .TP diff --git a/src/krb5-config.in b/src/krb5-config.in index b476b4fdd2..c950b36b5d 100755 --- a/src/krb5-config.in +++ b/src/krb5-config.in @@ -38,6 +38,9 @@ RPATH_FLAG='@RPATH_FLAG@' PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@' PTHREAD_CFLAGS='@PTHREAD_CFLAGS@' DL_LIB='@DL_LIB@' +DEFCCNAME='@DEFCCNAME@' +DEFKTNAME='@DEFKTNAME@' +DEFCKTNAME='@DEFCKTNAME@' LIBS='@LIBS@' GEN_LIB=@GEN_LIB@ @@ -58,6 +61,15 @@ while test $# != 0; do --cflags) do_cflags=1 ;; + --defccname) + do_defccname=1 + ;; + --defcktname) + do_defcktname=1 + ;; + --defktname) + do_defktname=1 + ;; --deps) do_deps=1 ;; @@ -102,7 +114,10 @@ while test $# != 0; do done # If required options - provide help -if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a -z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a -z "$do_cflags" -a -z "$do_libs"; then +if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a \ + -z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a \ + -z "$do_defccname" -a -z "$do_defktname" -a -z "$do_defcktname" -a \ + -z "$do_cflags" -a -z "$do_libs"; then do_help=1 fi @@ -116,6 +131,9 @@ if test -n "$do_help"; then echo " [--vendor] Vendor information" echo " [--prefix] Kerberos installed prefix" echo " [--exec-prefix] Kerberos installed exec_prefix" + echo " [--defccname] Show built-in default ccache name" + echo " [--defktname] Show built-in default keytab name" + echo " [--defcktname] Show built-in default client keytab name" echo " [--cflags] Compile time CFLAGS" echo " [--libs] List libraries required to link [LIBRARIES]" echo "Libraries:" @@ -161,6 +179,21 @@ if test -n "$do_exec_prefix"; then $all_exit fi +if test -n "$do_defccname"; then + echo "$DEFCCNAME" + $all_exit +fi + +if test -n "$do_defktname"; then + echo "$DEFKTNAME" + $all_exit +fi + +if test -n "$do_defcktname"; then + echo "$DEFCKTNAME" + $all_exit +fi + if test -n "$do_cflags"; then if test x"$includedir" != x"/usr/include" ; then echo "-I${includedir}" diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 28049e7879..3f2716a2fa 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -242,7 +242,6 @@ krb5_decode_ticket krb5_decrypt_tkt_part krb5_default_pwd_prompt1 krb5_default_pwd_prompt2 -krb5_defkeyname krb5_deltat_to_string krb5_do_preauth krb5_encode_authdata_container diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index cb9bb7c938..a2d549da68 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c @@ -226,10 +226,8 @@ get_from_os(krb5_context context) static void get_from_os(krb5_context context) { - char *name; - - if (asprintf(&name, "FILE:/tmp/krb5cc_%ld", (long)getuid()) >= 0) - context->os_context.default_ccname = name; + (void)k5_expand_path_tokens(context, DEFCCNAME, + &context->os_context.default_ccname); } #endif /* not _WIN32 */ diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c index 93b28dd38c..ffbd14d519 100644 --- a/src/lib/krb5/os/ktdefname.c +++ b/src/lib/krb5/os/ktdefname.c @@ -29,8 +29,6 @@ #include "k5-int.h" #include "os-proto.h" -extern char *krb5_defkeyname; - /* this is a an exceedinly gross thing. */ char *krb5_overridekeyname = NULL; @@ -54,7 +52,7 @@ kt_default_name(krb5_context context, char **name_out) profile_release_string(str); return ret; } else { - return k5_expand_path_tokens(context, krb5_defkeyname, name_out); + return k5_expand_path_tokens(context, DEFKTNAME, name_out); } } @@ -75,8 +73,7 @@ k5_kt_client_default_name(krb5_context context, char **name_out) profile_release_string(str); return ret; } else { - return k5_expand_path_tokens(context, DEFAULT_CLIENT_KEYTAB_NAME, - name_out); + return k5_expand_path_tokens(context, DEFCKTNAME, name_out); } } diff --git a/src/lib/krb5/os/osconfig.c b/src/lib/krb5/os/osconfig.c index b6013c5cff..1f6be6fecc 100644 --- a/src/lib/krb5/os/osconfig.c +++ b/src/lib/krb5/os/osconfig.c @@ -35,8 +35,6 @@ #include "k5-int.h" -char *krb5_defkeyname = DEFAULT_KEYTAB_NAME; - unsigned int krb5_max_dgram_size = MAX_DGRAM_SIZE; const char *krb5_default_pwd_prompt1 = DEFAULT_PWD_STRING1; diff --git a/src/man/Makefile.in b/src/man/Makefile.in index b6f38c9b8a..15a4d53b94 100644 --- a/src/man/Makefile.in +++ b/src/man/Makefile.in @@ -6,6 +6,9 @@ GROFF=@GROFF@ GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c localstatedir=@localstatedir@ sysconfdir=@sysconfdir@ +DEFCCNAME=@DEFCCNAME@ +DEFKTNAME=@DEFKTNAME@ +DEFCKTNAME=@DEFCKTNAME@ MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadmin.sub kadmind.sub \ kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub kdestroy.sub kinit.sub \ @@ -35,7 +38,10 @@ rstman: -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \ -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \ -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \ - -e 's|@SYSCONFDIR@|$(sysconfdir)|g' $? > $@ + -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \ + -e 's|@CCNAME@|$(DEFCCNAME)|g' \ + -e 's|@KTNAME@|$(DEFKTNAME)|g' \ + -e 's|@CKTNAME@|$(DEFCKTNAME)|g' $? > $@ all:: $(MANSUBS) |