Support changing the built-in ccache/keytab names

* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
  change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
  names.
* In the default build, use krb5-config to discover the system's
  built-in ccache and keytab names and use them (if not overridden).
  This can be controlled with the --with-krb5-config=PATH or
  --without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.

ticket: 7221 (new)

10 files changed, 92 insertions, 18 deletions

diff --git a/src/configure.in b/src/configure.in
index b1661f08b2..c7c92d923d 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1251,6 +1251,41 @@ if test "${localedir+set}" != set; then
 fi
 AC_SUBST(localedir)
 
+# Build-time default ccache, keytab, and client keytab names.  These
+# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
+# DEFCKTNAME.  Otherwise, we try to get the OS defaults from
+# krb5-config if we can, or fall back to hardcoded defaults.
+AC_ARG_VAR(DEFCCNAME, [Default ccache name])
+AC_ARG_VAR(DEFKTNAME, [Default keytab name])
+AC_ARG_VAR(DEFCKTNAME, [Default client keytab name])
+AC_ARG_WITH([krb5-config],
+	AC_HELP_STRING([--with-krb5-config=PATH],
+		[path to existing krb5-config program for defaults]), ,
+        [with_krb5_config=krb5-config])
+if test "x$with_krb5_config" != xno; then
+	if test "x$with_krb5_config" = xyes; then
+		with_krb5_config=krb5-config
+	fi
+	if $with_krb5_config --help 2>&1 | grep -q defccname; then
+		AC_MSG_NOTICE([Using $with_krb5_config for build defaults])
+		: "${DEFCCNAME=`$with_krb5_config --defccname`}"
+		: "${DEFKTNAME=`$with_krb5_config --defktname`}"
+		: "${DEFCKTNAME=`$with_krb5_config --defcktname`}"
+	fi
+fi
+if test "${DEFCCNAME+set}" != set; then
+	DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
+fi
+: "${DEFKTNAME=FILE:/etc/krb5.keytab}"
+: "${DEFCKTNAME=FILE:/etc/krb5.client-keytab}"
+AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
+AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
+AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
+AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name])
+AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name])
+AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
+                   [Define to default client keytab name])
+
 AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
 V5_AC_OUTPUT_MAKEFILE(.
 
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 803d73bd55..c3a33c22b2 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -42,8 +42,6 @@
 
 #if defined(_WIN32)
 #define DEFAULT_PROFILE_FILENAME "krb5.ini"
-#define DEFAULT_KEYTAB_NAME     "FILE:%{WINDOWS}\\krb5kt"
-#define DEFAULT_CLIENT_KEYTAB_NAME "FILE:%{WINDOWS}\\krb5clientkt"
 #else /* !_WINDOWS */
 #if TARGET_OS_MAC
 #define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
@@ -55,8 +53,6 @@
 #define DEFAULT_SECURE_PROFILE_PATH     "/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
 #define DEFAULT_PROFILE_PATH        DEFAULT_SECURE_PROFILE_PATH
 #endif
-#define DEFAULT_KEYTAB_NAME     "FILE:/etc/krb5.keytab"
-#define DEFAULT_CLIENT_KEYTAB_NAME "FILE:/etc/krb5.client-keytab"
 #endif /* _WINDOWS  */
 
 #define DEFAULT_PLUGIN_BASE_DIR "@LIBDIR/krb5/plugins"
diff --git a/src/include/win-mac.h b/src/include/win-mac.h
index 2274d8a51d..daec295b2c 100644
--- a/src/include/win-mac.h
+++ b/src/include/win-mac.h
@@ -231,6 +231,9 @@ HINSTANCE get_lib_instance(void);
 
 #define THREEPARAMOPEN(x,y,z) open(x,y,z)
 
+#define DEFKTNAME "FILE:%{WINDOWS}\\krb5kt"
+#define DEFCKTNAME "FILE:%{WINDOWS}\\krb5clientkt"
+
 #ifndef KRB5_CALLCONV
 #define KRB5_CALLCONV
 #endif
diff --git a/src/krb5-config.M b/src/krb5-config.M
index 56661aee7e..ccc869836f 100644
--- a/src/krb5-config.M
+++ b/src/krb5-config.M
@@ -53,6 +53,15 @@ prints the prefix with which Kerberos was built.
 \fB\--exec-prefix\fP 
 prints the exec-prefix with which Kerberos was built.
 .TP
+\fB\--defccname\fP
+prints the built-in default credential cache name.
+.TP
+\fB\--defktname\fP
+prints the built-in default keytab name.
+.TP
+\fB\--defcktname\fP
+prints the built-in default client keytab name.
+.TP
 \fB\--cflags\fP 
 prints the compiler flags with which Kerberos was built.
 .TP
diff --git a/src/krb5-config.in b/src/krb5-config.in
index b476b4fdd2..c950b36b5d 100755
--- a/src/krb5-config.in
+++ b/src/krb5-config.in
@@ -38,6 +38,9 @@ RPATH_FLAG='@RPATH_FLAG@'
 PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
 PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
 DL_LIB='@DL_LIB@'
+DEFCCNAME='@DEFCCNAME@'
+DEFKTNAME='@DEFKTNAME@'
+DEFCKTNAME='@DEFCKTNAME@'
 
 LIBS='@LIBS@'
 GEN_LIB=@GEN_LIB@
@@ -58,6 +61,15 @@ while test $# != 0; do
 	--cflags)
 	    do_cflags=1
 	    ;;
+	--defccname)
+	    do_defccname=1
+	    ;;
+	--defcktname)
+	    do_defcktname=1
+	    ;;
+	--defktname)
+	    do_defktname=1
+	    ;;
 	--deps)
 	    do_deps=1
 	    ;;
@@ -102,7 +114,10 @@ while test $# != 0; do
 done
 
 # If required options - provide help
-if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a -z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a -z "$do_cflags" -a -z "$do_libs"; then
+if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a \
+    -z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a \
+    -z "$do_defccname" -a -z "$do_defktname" -a -z "$do_defcktname" -a \
+    -z "$do_cflags" -a -z "$do_libs"; then
     do_help=1
 fi
 
@@ -116,6 +131,9 @@ if test -n "$do_help"; then
     echo "        [--vendor]        Vendor information"
     echo "        [--prefix]        Kerberos installed prefix"
     echo "        [--exec-prefix]   Kerberos installed exec_prefix"
+    echo "        [--defccname]     Show built-in default ccache name"
+    echo "        [--defktname]     Show built-in default keytab name"
+    echo "        [--defcktname]    Show built-in default client keytab name"
     echo "        [--cflags]        Compile time CFLAGS"
     echo "        [--libs]          List libraries required to link [LIBRARIES]"
     echo "Libraries:"
@@ -161,6 +179,21 @@ if test -n "$do_exec_prefix"; then
     $all_exit
 fi
 
+if test -n "$do_defccname"; then
+    echo "$DEFCCNAME"
+    $all_exit
+fi
+
+if test -n "$do_defktname"; then
+    echo "$DEFKTNAME"
+    $all_exit
+fi
+
+if test -n "$do_defcktname"; then
+    echo "$DEFCKTNAME"
+    $all_exit
+fi
+
 if test -n "$do_cflags"; then
     if test x"$includedir" != x"/usr/include" ; then
         echo "-I${includedir}"
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 28049e7879..3f2716a2fa 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -242,7 +242,6 @@ krb5_decode_ticket
 krb5_decrypt_tkt_part
 krb5_default_pwd_prompt1
 krb5_default_pwd_prompt2
-krb5_defkeyname
 krb5_deltat_to_string
 krb5_do_preauth
 krb5_encode_authdata_container
diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index cb9bb7c938..a2d549da68 100644
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -226,10 +226,8 @@ get_from_os(krb5_context context)
 static void
 get_from_os(krb5_context context)
 {
-    char *name;
-
-    if (asprintf(&name, "FILE:/tmp/krb5cc_%ld", (long)getuid()) >= 0)
-        context->os_context.default_ccname = name;
+    (void)k5_expand_path_tokens(context, DEFCCNAME,
+                                &context->os_context.default_ccname);
 }
 
 #endif /* not _WIN32 */
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index 93b28dd38c..ffbd14d519 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -29,8 +29,6 @@
 #include "k5-int.h"
 #include "os-proto.h"
 
-extern char *krb5_defkeyname;
-
 /* this is a an exceedinly gross thing. */
 char *krb5_overridekeyname = NULL;
 
@@ -54,7 +52,7 @@ kt_default_name(krb5_context context, char **name_out)
         profile_release_string(str);
         return ret;
     } else {
-        return k5_expand_path_tokens(context, krb5_defkeyname, name_out);
+        return k5_expand_path_tokens(context, DEFKTNAME, name_out);
     }
 }
 
@@ -75,8 +73,7 @@ k5_kt_client_default_name(krb5_context context, char **name_out)
         profile_release_string(str);
         return ret;
     } else {
-        return k5_expand_path_tokens(context, DEFAULT_CLIENT_KEYTAB_NAME,
-                                     name_out);
+        return k5_expand_path_tokens(context, DEFCKTNAME, name_out);
     }
 }
 
diff --git a/src/lib/krb5/os/osconfig.c b/src/lib/krb5/os/osconfig.c
index b6013c5cff..1f6be6fecc 100644
--- a/src/lib/krb5/os/osconfig.c
+++ b/src/lib/krb5/os/osconfig.c
@@ -35,8 +35,6 @@
 
 #include "k5-int.h"
 
-char *krb5_defkeyname  = DEFAULT_KEYTAB_NAME;
-
 unsigned int krb5_max_dgram_size = MAX_DGRAM_SIZE;
 
 const char *krb5_default_pwd_prompt1 = DEFAULT_PWD_STRING1;
diff --git a/src/man/Makefile.in b/src/man/Makefile.in
index b6f38c9b8a..15a4d53b94 100644
--- a/src/man/Makefile.in
+++ b/src/man/Makefile.in
@@ -6,6 +6,9 @@ GROFF=@GROFF@
 GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c
 localstatedir=@localstatedir@
 sysconfdir=@sysconfdir@
+DEFCCNAME=@DEFCCNAME@
+DEFKTNAME=@DEFKTNAME@
+DEFCKTNAME=@DEFCKTNAME@
 
 MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadmin.sub kadmind.sub \
 	kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub kdestroy.sub kinit.sub \
@@ -35,7 +38,10 @@ rstman:
 	    -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \
 	    -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \
 	    -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
-	    -e 's|@SYSCONFDIR@|$(sysconfdir)|g' $? > $@
+	    -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
+	    -e 's|@CCNAME@|$(DEFCCNAME)|g' \
+	    -e 's|@KTNAME@|$(DEFKTNAME)|g' \
+	    -e 's|@CKTNAME@|$(DEFCKTNAME)|g' $? > $@
 
 all:: $(MANSUBS)