Use a private krb5.conf file

* This helps us connect to the same server consistently. * Allows --domain-server argument to work properly. https://bugs.freedesktop.org/show_bug.cgi?id=55487
author: Stef Walter <stefw@gnome.org> 2012-11-12 11:03:48 +0100
committer: Stef Walter <stefw@gnome.org> 2012-11-12 11:05:50 +0100
commit: cb546913fa993593fdf4e45edbbd6c43f78f5e84 (patch)
tree: 67ce54c253793180fcc4665ee208d1815e95e59b /tools
parent: 08bd7b69f0da02ee750fa527453c526e627d182d (diff)
2 files changed, 114 insertions, 0 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 0fbf748..43c2b95 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.decl
 INCLUDES = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/library \
+	-DKRB5_CONFIG=\""$(sysconfdir)/krb5.conf"\" \
 	$(NULL)
 
 sbin_PROGRAMS =  \
diff --git a/tools/adcli.c b/tools/adcli.c
index e4bb718..cf676c1 100644
--- a/tools/adcli.c
+++ b/tools/adcli.c
@@ -26,11 +26,14 @@
 #include "adcli.h"
 #include "adprivate.h"
 
+#include <sys/stat.h>
+
 #include <assert.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
 #include <getopt.h>
+#include <paths.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -39,6 +42,10 @@
 #define EFAIL  (-ADCLI_ERR_FAIL)
 #define EUSAGE (-ADCLI_ERR_CONFIG)
 
+static char *adcli_temp_directory = NULL;
+static char *adcli_krb5_conf_filename = NULL;
+static char *adcli_krb5_d_directory = NULL;
+
 static char *
 prompt_password_func (adcli_login_type login_type,
                       const char *name,
@@ -101,6 +108,108 @@ read_password_func (adcli_login_type login_type,
 }
 
 static void
+cleanup_krb5_conf_directory (void)
+{
+	if (adcli_krb5_d_directory) {
+		rmdir (adcli_krb5_d_directory);
+		free (adcli_krb5_d_directory);
+		adcli_krb5_d_directory = NULL;
+	}
+
+	if (adcli_krb5_conf_filename) {
+		unlink (adcli_krb5_conf_filename);
+		free (adcli_krb5_conf_filename);
+		adcli_krb5_conf_filename = NULL;
+	}
+
+	if (adcli_temp_directory) {
+		rmdir (adcli_temp_directory);
+		free (adcli_temp_directory);
+		adcli_temp_directory = NULL;
+	}
+
+	unsetenv ("KRB5_CONFIG");
+}
+
+static void
+setup_krb5_conf_directory (adcli_conn *conn)
+{
+	const char *parent;
+	const char *krb5_conf;
+	char *filename = NULL;
+	char *snippets = NULL;
+	char *contents = NULL;
+	char *directory = NULL;
+	int errn = 0;
+	FILE *fo;
+
+	krb5_conf = getenv ("KRB5_CONFIG");
+	if (!krb5_conf || !krb5_conf[0])
+		krb5_conf = KRB5_CONFIG;
+
+	parent = getenv ("TMPDIR");
+	if (!parent || !*parent)
+		parent = _PATH_TMP;
+
+	if (asprintf (&directory, "%s%sadcli-krb5-XXXXXX", parent,
+	              (parent[0] && parent[strlen(parent) - 1]) == '/' ? "" : "/") < 0)
+		errx (1, "unexpected: out of memory");
+
+	if (mkdtemp (directory) == NULL) {
+		errn = errno;
+		warnx ("couldn't create temporary directory in: %s: %s",
+		       parent, strerror (errn));
+	} else {
+		if (asprintf (&filename, "%s/krb5.conf", directory) < 0 ||
+		    asprintf (&snippets, "%s/krb5.d", directory) < 0 ||
+		    asprintf (&contents, "include %s\nincludedir %s\n", krb5_conf, snippets) < 0)
+			errx (1, "unexpected: out of memory");
+	}
+
+	if (errn == 0) {
+		fo = fopen (filename, "wb");
+		if (fo == NULL) {
+			errn = errno;
+		} else {
+			fwrite (contents, 1, strlen (contents), fo);
+			if (ferror (fo))
+				errn = errno;
+			fclose (fo);
+			if (!errn && ferror (fo))
+				errn = errno;
+		}
+
+		if (errn) {
+			warnx ("couldn't write new krb5.conf file: %s: %s",
+			       filename, strerror (errn));
+		}
+	}
+
+
+	if (errn == 0 && mkdir (snippets, 0700) < 0) {
+		errn = errno;
+		warnx ("couldn't write new krb5.d directory: %s: %s",
+		       snippets, strerror (errn));
+	}
+
+	if (errn == 0) {
+		adcli_conn_set_krb5_conf_dir (conn, snippets);
+		adcli_temp_directory = directory;
+		adcli_krb5_conf_filename = filename;
+		adcli_krb5_d_directory = snippets;
+		setenv ("KRB5_CONFIG", adcli_krb5_conf_filename, 1);
+
+	} else {
+		free (filename);
+		free (snippets);
+		free (directory);
+	}
+
+	free (contents);
+	atexit (cleanup_krb5_conf_directory);
+}
+
+static void
 message_func (adcli_message_type type,
               const char *message,
               void *unused_data)
@@ -510,6 +619,8 @@ adcli_join (int argc,
 	if (argc != 0)
 		usage (EUSAGE, "join", long_options, NULL);
 
+	setup_krb5_conf_directory (conn);
+
 	res = adcli_conn_connect (conn);
 	if (res != ADCLI_SUCCESS) {
 		errx (-res, "couldn't connect to %s domain: %s",
@@ -596,6 +707,8 @@ adcli_preset (int argc,
 	if (argc < 1)
 		errx (EUSAGE, "specify one or more host names of computer accounts to preset");
 
+	setup_krb5_conf_directory (conn);
+
 	adcli_conn_set_allowed_login_types (conn, ADCLI_LOGIN_USER_ACCOUNT);
 	reset_password = (adcli_enroll_get_computer_password (enroll) == NULL);
author	Stef Walter <stefw@gnome.org>	2012-11-12 11:03:48 +0100
committer	Stef Walter <stefw@gnome.org>	2012-11-12 11:05:50 +0100
commit	cb546913fa993593fdf4e45edbbd6c43f78f5e84 (patch)
tree	67ce54c253793180fcc4665ee208d1815e95e59b /tools
parent	08bd7b69f0da02ee750fa527453c526e627d182d (diff)