author | Stef Walter <stefw@gnome.org> | 2012-11-12 11:03:48 +0100 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2012-11-12 11:05:50 +0100 |
commit | cb546913fa993593fdf4e45edbbd6c43f78f5e84 (patch) | |
tree | 67ce54c253793180fcc4665ee208d1815e95e59b /tools | |
parent | 08bd7b69f0da02ee750fa527453c526e627d182d (diff) |
Use a private krb5.conf file
* This helps us connect to the same server consistently.
* Allows --domain-server argument to work properly.
https://bugs.freedesktop.org/show_bug.cgi?id=55487
Diffstat (limited to 'tools')
-rw-r--r-- | tools/Makefile.am | 1 | ||||
-rw-r--r-- | tools/adcli.c | 113 |
2 files changed, 114 insertions, 0 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 0fbf748..43c2b95 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.decl
 INCLUDES = \
 -I$(top_srcdir) \
 -I$(top_srcdir)/library \
+ -DKRB5_CONFIG=\""$(sysconfdir)/krb5.conf"\" \
 $(NULL)
 sbin_PROGRAMS = \
diff --git a/tools/adcli.c b/tools/adcli.c
index e4bb718..cf676c1 100644
--- a/tools/adcli.c
+++ b/tools/adcli.c
@@ -26,11 +26,14 @@
 #include "adcli.h"
 #include "adprivate.h"
+#include <sys/stat.h>
+
 #include <assert.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
 #include <getopt.h>
+#include <paths.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -39,6 +42,10 @@
 #define EFAIL (-ADCLI_ERR_FAIL)
 #define EUSAGE (-ADCLI_ERR_CONFIG)
+static char *adcli_temp_directory = NULL;
+static char *adcli_krb5_conf_filename = NULL;
+static char *adcli_krb5_d_directory = NULL;
+
 static char *
 prompt_password_func (adcli_login_type login_type,
 const char *name,
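Review bot: The `-DKRB5_CONFIG` default in tools/Makefile.am is built from `$(sysconfdir)`, which follows the configure prefix rather than the path the system Kerberos library actually reads. With a prefix whose sysconfdir is not /etc, the generated private file would `include` a krb5.conf that libkrb5 itself may never use and that may not exist, and nothing visible in tools/adcli.c checks the path before writing it into the include line. A comment beside the flag such as `# must name the krb5.conf that the system libkrb5 reads` would be the minimum; alternatively the C side could leave out the `include` line when the file is absent.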
@@ -101,6 +108,108 @@ read_password_func (adcli_login_type login_type,
 }
 static void
+cleanup_krb5_conf_directory (void)
+{
+ if (adcli_krb5_d_directory) {
+ rmdir (adcli_krb5_d_directory);
+ free (adcli_krb5_d_directory);
+ adcli_krb5_d_directory = NULL;
+ }
+
+ if (adcli_krb5_conf_filename) {
+ unlink (adcli_krb5_conf_filename);
+ free (adcli_krb5_conf_filename);
+ adcli_krb5_conf_filename = NULL;
+ }
+
+ if (adcli_temp_directory) {
+ rmdir (adcli_temp_directory);
+ free (adcli_temp_directory);
+ adcli_temp_directory = NULL;
+ }
+
+ unsetenv ("KRB5_CONFIG");
+}
+
+static void
+setup_krb5_conf_directory (adcli_conn *conn)
+{
+ const char *parent;
+ const char *krb5_conf;
+ char *filename = NULL;
+ char *snippets = NULL;
+ char *contents = NULL;
+ char *directory = NULL;
+ int errn = 0;
+ FILE *fo;
+
+ krb5_conf = getenv ("KRB5_CONFIG");
+ if (!krb5_conf || !krb5_conf[0])
+ krb5_conf = KRB5_CONFIG;
+
+ parent = getenv ("TMPDIR");
+ if (!parent || !*parent)
+ parent = _PATH_TMP;
+
+ if (asprintf (&directory, "%s%sadcli-krb5-XXXXXX", parent,
+ (parent[0] && parent[strlen(parent) - 1]) == '/' ? "" : "/") < 0)
+ errx (1, "unexpected: out of memory");
+
+ if (mkdtemp (directory) == NULL) {
+ errn = errno;
+ warnx ("couldn't create temporary directory in: %s: %s",
+ parent, strerror (errn));
+ } else {
+ if (asprintf (&filename, "%s/krb5.conf", directory) < 0 ||
+ asprintf (&snippets, "%s/krb5.d", directory) < 0 ||
+ asprintf (&contents, "include %s\nincludedir %s\n", krb5_conf, snippets) < 0)
+ errx (1, "unexpected: out of memory");
+ }
+
+ if (errn == 0) {
+ fo = fopen (filename, "wb");
+ if (fo == NULL) {
+ errn = errno;
+ } else {
+ fwrite (contents, 1, strlen (contents), fo);
+ if (ferror (fo))
+ errn = errno;
+ fclose (fo);
+ if (!errn && ferror (fo))
+ errn = errno;
+ }
+
+ if (errn) {
+ warnx ("couldn't write new krb5.conf file: %s: %s",
+ filename, strerror (errn));
+ }
+ }
+
+
+ if (errn == 0 && mkdir (snippets, 0700) < 0) {
+ errn = errno;
+ warnx ("couldn't write new krb5.d directory: %s: %s",
+ snippets, strerror (errn));
+ }
+
+ if (errn == 0) {
+ adcli_conn_set_krb5_conf_dir (conn, snippets);
+ adcli_temp_directory = directory;
+ adcli_krb5_conf_filename = filename;
+ adcli_krb5_d_directory = snippets;
+ setenv ("KRB5_CONFIG", adcli_krb5_conf_filename, 1);
+
+ } else {
+ free (filename);
+ free (snippets);
+ free (directory);
+ }
+
+ free (contents);
+ atexit (cleanup_krb5_conf_directory);
+}
+
+static void
 message_func (adcli_message_type type,
 const char *message,
 void *unused_data)
@@ -510,6 +619,8 @@ adcli_join (int argc,
 if (argc != 0)
 usage (EUSAGE, "join", long_options, NULL);
+ setup_krb5_conf_directory (conn);
+
 res = adcli_conn_connect (conn);
 if (res != ADCLI_SUCCESS) {
 errx (-res, "couldn't connect to %s domain: %s",
@@ -596,6 +707,8 @@ adcli_preset (int argc,
 if (argc < 1)
 errx (EUSAGE, "specify one or more host names of computer accounts to preset");
+ setup_krb5_conf_directory (conn);
+
 adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
 reset_password = (adcli_enroll_get_computer_password (enroll) == NULL); |
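Review bot: In setup_krb5_conf_directory the stream is tested with `ferror (fo)` after `fclose (fo)`, which reads a closed FILE and is undefined, while the return value of fclose, the only place a failed flush is reported, is ignored. `if (fclose (fo) != 0 && !errn) errn = errno;` covers both. The trailing-slash test `(parent[0] && parent[strlen(parent) - 1]) == '/'` compares the 0/1 result of `&&` with '/', so it is never true and a '/' is always appended; the closing parenthesis belongs after `== '/'`. When fopen or mkdir fails after mkdtemp has succeeded, the else branch frees the three strings without unlinking the file or removing the directory, so the temporary directory stays behind even though the atexit handler is registered.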
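Review bot: The call to setup_krb5_conf_directory placed before adcli_conn_connect in adcli_join cannot learn that setup failed, because the function returns void and only warns. In that case KRB5_CONFIG is left as it was and the join goes ahead with whatever the system configuration resolves, which is the inconsistency the commit message sets out to remove. Returning an int and stopping here, or at least a comment such as `/* best effort: on failure we fall back to the system krb5.conf */`, would make the intent explicit; the same applies to the call added in adcli_preset. Both function bodies continue outside their hunks.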