From: fredrik <fredrik@959494ce-11ee-0310-bf91-de5d638817bd>
Date: Sat, 27 May 2006 02:11:14 +0000 (+0000)
Subject: Allow using the default ccache.
X-Git-Tag: 0.1~32
X-Git-Url: http://git.dolda2000.com/gitweb/?p=doldaconnect.git;a=commitdiff_plain;h=56838143070d2b886c18eb86be7eeae896b9c92a

Allow using the default ccache.


git-svn-id: svn+ssh://svn.dolda2000.com/srv/svn/repos/src/doldaconnect@614 959494ce-11ee-0310-bf91-de5d638817bd
---

diff --git a/daemon/auth-krb5.c b/daemon/auth-krb5.c
index 62827c6..07b9cda 100644
--- a/daemon/auth-krb5.c
+++ b/daemon/auth-krb5.c
@@ -420,43 +420,67 @@ static int opensess(struct authhandle *auth)
 	    flog(LOG_ERR, "could not get passwd entry for forwarded tickets (user %s): %s", data->username, strerror(errno));
 	    return(AUTH_ERR);
 	}
-	buf = sprintf2("/tmp/krb5cc_dc_%i_XXXXXX", pwent->pw_uid);
-	if((fd = mkstemp(buf)) < 0)
+	if(confgetint("auth-krb5", "usedefcc"))
 	{
-	    free(buf);
-	    flog(LOG_ERR, "could not create temporary file for ccache: %s", strerror(errno));
-	    return(AUTH_ERR);
-	}
-	close(fd);
-	buf2 = sprintf2("FILE:%s", buf);
-	if((ret = krb5_cc_resolve(k5context, buf2, &data->ccache)) != 0)
-	{
-	    free(buf);
+	    buf = sprintf2("/tmp/krb5cc_dc_%i_XXXXXX", pwent->pw_uid);
+	    if((fd = mkstemp(buf)) < 0)
+	    {
+		free(buf);
+		flog(LOG_ERR, "could not create temporary file for ccache: %s", strerror(errno));
+		return(AUTH_ERR);
+	    }
+	    close(fd);
+	    buf2 = sprintf2("FILE:%s", buf);
+	    if((ret = krb5_cc_resolve(k5context, buf2, &data->ccache)) != 0)
+	    {
+		free(buf);
+		free(buf2);
+		flog(LOG_ERR, "could not resolve ccache name \"%s\": %s", buf2, error_message(ret));
+		return(AUTH_ERR);
+	    }
+	    setenv("KRB5CCNAME", buf2, 1);
 	    free(buf2);
-	    flog(LOG_ERR, "could not resolve ccache name \"%s\": %s", buf2, error_message(ret));
-	    return(AUTH_ERR);
-	}
-	setenv("KRB5CCNAME", buf2, 1);
-	free(buf2);
-	if((ret = krb5_cc_initialize(k5context, data->ccache, data->ticket->enc_part2->client)) != 0)
-	{
-	    free(buf);
-	    flog(LOG_ERR, "could not initialize ccache: %s", error_message(ret));
-	    return(AUTH_ERR);
-	}
-	if((ret = krb5_cc_store_cred(k5context, data->ccache, data->creds)) != 0)
-	{
-	    free(buf);
-	    flog(LOG_ERR, "could not store forwarded TGT into ccache: %s", error_message(ret));
-	    return(AUTH_ERR);
-	}
-	if(chown(buf, pwent->pw_uid, pwent->pw_gid))
-	{
+	    if((ret = krb5_cc_initialize(k5context, data->ccache, data->ticket->enc_part2->client)) != 0)
+	    {
+		free(buf);
+		flog(LOG_ERR, "could not initialize ccache: %s", error_message(ret));
+		return(AUTH_ERR);
+	    }
+	    if((ret = krb5_cc_store_cred(k5context, data->ccache, data->creds)) != 0)
+	    {
+		free(buf);
+		flog(LOG_ERR, "could not store forwarded TGT into ccache: %s", error_message(ret));
+		return(AUTH_ERR);
+	    }
+	    if(chown(buf, pwent->pw_uid, pwent->pw_gid))
+	    {
+		free(buf);
+		flog(LOG_ERR, "could not chown new ccache to %i:%i: %s", pwent->pw_uid, pwent->pw_gid, strerror(errno));
+		return(AUTH_ERR);
+	    }
 	    free(buf);
-	    flog(LOG_ERR, "could not chown new ccache to %i:%i: %s", pwent->pw_uid, pwent->pw_gid, strerror(errno));
-	    return(AUTH_ERR);
+	} else {
+	    if((buf = krb5_cc_default_name(k5context)) == NULL) {
+		flog(LOG_ERR, "could not get default ccache name");
+		return(AUTH_ERR);
+	    }
+	    if((ret = krb5_cc_resolve(k5context, buf, &data->ccache)) != 0)
+	    {
+		flog(LOG_ERR, "could not resolve ccache name \"%s\": %s", buf2, error_message(ret));
+		return(AUTH_ERR);
+	    }
+	    setenv("KRB5CCNAME", buf, 1);
+	    if((ret = krb5_cc_initialize(k5context, data->ccache, data->ticket->enc_part2->client)) != 0)
+	    {
+		flog(LOG_ERR, "could not initialize ccache: %s", error_message(ret));
+		return(AUTH_ERR);
+	    }
+	    if((ret = krb5_cc_store_cred(k5context, data->ccache, data->creds)) != 0)
+	    {
+		flog(LOG_ERR, "could not store forwarded TGT into ccache: %s", error_message(ret));
+		return(AUTH_ERR);
+	    }
 	}
-	free(buf);
     }
     return(AUTH_SUCCESS);
 }
@@ -571,6 +595,7 @@ static struct configvar myvars[] =
     {CONF_VAR_STRING, "service", {.str = L"doldacond"}},
     {CONF_VAR_STRING, "keytab", {.str = L""}},
     {CONF_VAR_BOOL, "renewcreds", {.num = 1}},
+    {CONF_VAR_BOOL, "usedefcc", {.num = 0}},
     {CONF_VAR_END}
 };