authorGreg Hudson <ghudson@mit.edu>2012-06-15 11:14:39 -0400
committerGreg Hudson <ghudson@mit.edu>2012-07-02 00:59:45 -0400
commitd1fe0728c830fe52bdcb5d53c517a9462391069d (patch)
tree9030eff3f99c4fb2f240380999b09be246b8fb41 /src/lib
parent49ba7c90fce86581ff6faaa9ee48c80b0be9491e (diff)
Add krb5_kt_client_default API
The default client keytab is intended to be used to automatically acquire initial credentials for client applications. The current hardcoded default is a placeholder, and will likely change before 1.11. Add test framework settings to ensure that a system default client keytab doesn't interfere with tests, and to allow tests to be written to deliberately use the default client keytab. Add documentation about keytabs to the concepts section of the RST docs, and describe the default client keytab there. ticket: 7188 (new)
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/keytab/ktdefault.c14
-rw-r--r--src/lib/krb5/libkrb5.exports1
-rw-r--r--src/lib/krb5/os/ktdefname.c33
3 files changed, 48 insertions, 0 deletions
diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c
index 7ee94edae..2b1c298ce 100644
--- a/src/lib/krb5/keytab/ktdefault.c
+++ b/src/lib/krb5/keytab/ktdefault.c
@@ -44,4 +44,18 @@ krb5_kt_default(krb5_context context, krb5_keytab *id)
return krb5_kt_resolve(context, defname, id);
}
+krb5_error_code KRB5_CALLCONV
+krb5_kt_client_default(krb5_context context, krb5_keytab *keytab_out)
+{
+ krb5_error_code ret;
+ char *name;
+
+ ret = k5_kt_client_default_name(context, &name);
+ if (ret)
+ return ret;
+ ret = krb5_kt_resolve(context, name, keytab_out);
+ free(name);
+ return ret;
+}
+
#endif /* LEAN_CLIENT */
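Review bot: `krb5_kt_client_default` leaves `*keytab_out` untouched on the early return after `k5_kt_client_default_name` fails, so a caller that cleans up unconditionally could pass an uninitialized handle to a close routine. Adding `*keytab_out = NULL;` as the first statement gives every error path a defined output. Whether `krb5_kt_resolve` clears its output on failure is not visible in this hunk, so that path may need checking as well. The new exported function also carries no comment; a short one stating that the name comes from `k5_kt_client_default_name` and that the returned keytab handle is presumably the caller's to release would help API users.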
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 0af5150cc..e5acff2d8 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -395,6 +395,7 @@ krb5_is_referral_realm
krb5_is_thread_safe
krb5_kdc_rep_decrypt_proc
krb5_kt_add_entry
+krb5_kt_client_default
krb5_kt_close
krb5_kt_default
krb5_kt_default_name
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index afc344e4d..a213750db 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -74,3 +74,36 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
}
return 0;
}
+
+krb5_error_code
+k5_kt_client_default_name(krb5_context context, char **name_out)
+{
+ char *str, *name;
+
+ *name_out = NULL;
+ if (!context->profile_secure &&
+ (str = getenv("KRB5_CLIENT_KTNAME")) != NULL) {
+ name = strdup(str);
+ } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_DEFAULT_CLIENT_KEYTAB_NAME, NULL,
+ NULL, &str) == 0 && str != NULL) {
+ name = strdup(str);
+ profile_release_string(str);
+ } else {
+#ifdef _WIN32
+ char windir[160];
+ unsigned int len;
+
+ len = GetWindowsDirectory(windir, sizeof(windir) - 2);
+ windir[len] = '\0';
+ if (asprintf(&name, DEFAULT_CLIENT_KEYTAB_NAME, windir) < 0)
+ return ENOMEM;
+#else
+ name = strdup(DEFAULT_CLIENT_KEYTAB_NAME);
+#endif
+ }
+ if (name == NULL)
+ return ENOMEM;
+ *name_out = name;
+ return 0;
+}
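Review bot: In the `_WIN32` branch of `k5_kt_client_default_name`, the return value of `GetWindowsDirectory` is used as an index without validation. That call returns 0 on failure and the required buffer size when the buffer is too small, so `windir[len] = '\0'` can write past the 160-byte array when the Windows directory path is longer than the space offered. A guard such as `if (len == 0 || len >= sizeof(windir) - 2) return ENOMEM;` (or whichever error code the project prefers) before the store would close this. With `len == 0` the current code also formats the default name from an empty directory string, which probably yields a location relative to an unintended directory; since a keytab holds long-term keys, failing is safer than resolving it there. It is also worth a one-line comment on the `!context->profile_secure` test explaining that the `KRB5_CLIENT_KTNAME` environment override is deliberately ignored for secure contexts.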