| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | client/internal.h | 5 | ||||
| -rw-r--r-- | client/krb5.c | 37 | ||||
| -rw-r--r-- | client/wallet.c | 2 | 
5 files changed, 39 insertions, 14 deletions
| @@ -44,6 +44,12 @@ wallet 0.10 (unreleased)      Report ACL names as well as numbers in object history. +    The wallet client now uses a temporary disk ticket cache when +    obtaining tickets with the -u option rather than an in-memory cache, +    allowing for a libremctl built against a different Kerberos +    implementation than the wallet client.  This primarily helps with +    testing. +  wallet 0.9 (2008-04-24)      The wallet command-line client now reads the data for store from a @@ -2,9 +2,6 @@  Release 0.10: -* Switch to using a disk cache in case the wallet client and libremctl are -  built against different versions of Kerberos. -  * Remove stub fork hook from Wallet::Kadmin::MIT.  * Handle unchanging support for Heimdal. diff --git a/client/internal.h b/client/internal.h index 860ef54..e48616a 100644 --- a/client/internal.h +++ b/client/internal.h @@ -22,10 +22,11 @@ BEGIN_DECLS  /*   * Given a Kerberos context and a principal name, obtain Kerberos credentials - * for that principal and store them in a memory cache for use by later - * operations. + * for that principal and store them in a temporary ticket cache for use by + * later operations.  kdestroy() then cleans up that cache.   */  void kinit(krb5_context, const char *principal); +void kdestroy(void);  /*   * Given a remctl object, run a remctl command.  If data is non-NULL, saves diff --git a/client/krb5.c b/client/krb5.c index 3338f8a..3698dd3 100644 --- a/client/krb5.c +++ b/client/krb5.c @@ -6,7 +6,7 @@   * client.   *   * Written by Russ Allbery <rra@stanford.edu> - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University   */  #include <config.h> @@ -17,9 +17,6 @@  #include <client/internal.h>  #include <util/util.h> -/* The memory cache used for wallet authentication. */ -#define CACHE_NAME "MEMORY:wallet" -  /*   * Given a Kerberos context and a principal name, authenticate as that user 
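Review bot: The new `kdestroy` prototype in client/internal.h has no contract of its own, and the revised `kinit` comment does not mention that `kinit` also sets `KRB5CCNAME` for the process. As written in client/krb5.c, `kdestroy` reads `KRB5CCNAME`, unlinks that path, and dies if the variable is unset or the unlink fails. A caller therefore needs to know it is valid only after `kinit`. I would add above the prototype: `/* Remove the ticket cache named by KRB5CCNAME. Call only after kinit(); dies if the variable is unset or the file cannot be removed. */`. I would also extend the `kinit` comment to say that the cache is an on-disk file and that `KRB5CCNAME` is pointed at it.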
@@ -34,6 +31,8 @@ kinit(krb5_context ctx, const char *principal)      krb5_creds creds;      krb5_get_init_creds_opt opts;      krb5_error_code status; +    char cache_name[] = "/tmp/krb5cc_wallet_XXXXXX"; +    int fd;      /* Obtain a TGT. */      status = krb5_parse_name(ctx, principal, &princ); @@ -46,18 +45,38 @@ kinit(krb5_context ctx, const char *principal)      if (status != 0)          die_krb5(ctx, status, "authentication failed"); -    /* Put the new credentials into a memory cache. */ -    status = krb5_cc_resolve(ctx, CACHE_NAME, &ccache); +    /* Put the new credentials into a ticket cache. */ +    fd = mkstemp(cache_name); +    if (fd < 0) +        sysdie("cannot create temporary ticket cache", cache_name); +    status = krb5_cc_resolve(ctx, cache_name, &ccache);      if (status != 0) -        die_krb5(ctx, status, "cannot create cache %s", CACHE_NAME); +        die_krb5(ctx, status, "cannot create cache %s", cache_name);      status = krb5_cc_initialize(ctx, ccache, princ);      if (status != 0) -        die_krb5(ctx, status, "cannot initialize cache %s", CACHE_NAME); +        die_krb5(ctx, status, "cannot initialize cache %s", cache_name);      krb5_free_principal(ctx, princ);      status = krb5_cc_store_cred(ctx, ccache, &creds);      if (status != 0)          die_krb5(ctx, status, "cannot store credentials");      krb5_cc_close(ctx, ccache); -    if (putenv((char *) "KRB5CCNAME=" CACHE_NAME) != 0) +    close(fd); +    if (setenv("KRB5CCNAME", cache_name, 1) < 0)          sysdie("cannot set KRB5CCNAME");  } + + +/* + * Clean up the temporary ticket cache created by kinit(). + */ +void +kdestroy(void) +{ +    const char *cache; + +    cache = getenv("KRB5CCNAME"); +    if (cache == NULL) +        die("cannot destroy temporary ticket cache: KRB5CCNAME is not set"); +    if (unlink(cache) < 0) +        sysdie("cannot destroy temporary ticket cache"); +} diff --git a/client/wallet.c b/client/wallet.c index 89135dd..4225d45 100644 --- a/client/wallet.c 
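Review bot: Every `die_krb5`/`sysdie` call after `mkstemp` in the `@@ -46,18 +45,38 @@` hunk exits with the temporary cache still in /tmp, and once `krb5_cc_store_cred` has succeeded that file holds a usable TGT. The same applies to the client/wallet.c hunk, where `kdestroy()` is reached only on the normal path at the end of `main`. Assuming the die helpers terminate through `exit()`, keeping the path at file scope and registering an `atexit` handler right after `mkstemp` removes the cache on every exit path. The old `MEMORY:` cache never had this exposure. Separately, `sysdie("cannot create temporary ticket cache", cache_name)` passes an argument with no conversion for it; it should read `sysdie("cannot create temporary ticket cache %s", cache_name);`. `kinit` begins outside this hunk, and the fence moves the `cache_name` declaration from the preceding hunk to file scope.

```c
/* Path of the temporary ticket cache; meaningful only once cache_created is set. */
static char cache_name[] = "/tmp/krb5cc_wallet_XXXXXX";
static int cache_created = 0;

/* atexit() handler: remove the ticket cache on any exit() path. */
static void
cache_cleanup(void)
{
    if (cache_created)
        unlink(cache_name);
    cache_created = 0;
}

/* … in kinit(), unchanged: krb5_parse_name through the TGT request … */
    fd = mkstemp(cache_name);
    if (fd < 0)
        sysdie("cannot create temporary ticket cache %s", cache_name);
    cache_created = 1;
    if (atexit(cache_cleanup) != 0) {
        unlink(cache_name);
        die("cannot register ticket cache cleanup");
    }
/* … unchanged: krb5_cc_resolve through setenv("KRB5CCNAME", …) … */
```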
+++ b/client/wallet.c @@ -260,5 +260,7 @@ main(int argc, char *argv[])      }      remctl_close(r);      krb5_free_context(ctx); +    if (options.user != NULL) +        kdestroy();      exit(status);  } | 
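Review bot: A cleanup failure in the added `kdestroy()` call can replace the command's result, because it runs just before `exit(status)` and `kdestroy` reports errors with `die`/`sysdie`. If those helpers exit, as their use elsewhere in the patch suggests, a failed `unlink` makes an otherwise successful wallet operation exit with the helper's status and `exit(status)` is never reached. Reporting the failed removal as a warning inside `kdestroy` and returning would keep the remctl result as the exit code. `main` begins outside this hunk, so other exit paths that might skip the call are not visible here.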
