author | Arthur de Jong <arthur@arthurdejong.org> | 2007-11-16 11:43:23 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2007-11-16 11:43:23 +0000 |
commit | 4a25405d214e99ca0a9dc2f9af04869eafbf554b (patch) | |
tree | 269c1aaeabb9509199c1e01c30ffd59bb34fab22 | |
parent | 9c9650a553aaa08cc09d4161be1e45ae887f624f (diff) |
patch from Andreas Schneider <anschneider@suse.de> to get krb5_ccname option working
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@476 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | nslcd/ldap-nss.c | 43 |
2 files changed, 44 insertions, 0 deletions
@@ -67,3 +67,4 @@ Stephen Frost <sfrost@debian.org>
 Américo Monteiro <a_monteiro@netcabo.pt>
 Cyril Brulebois <cyril.brulebois@enst-bretagne.fr>
 Kenshi Muto <kmuto@debian.org>
+Andreas Schneider <anschneider@suse.de>
diff --git a/nslcd/ldap-nss.c b/nslcd/ldap-nss.c
index aeaad80..2cba1b6 100644
--- a/nslcd/ldap-nss.c
+++ b/nslcd/ldap-nss.c
@@ -342,6 +342,13 @@ static int do_bind(MYLDAP_SESSION *session)
 int rc;
 char *binddn,*bindarg;
 int usesasl;
+#ifdef CONFIGURE_KRB5_CCNAME
+#ifndef CONFIGURE_KRB5_CCNAME_GSSAPI
+ char tmpbuf[256];
+#endif
+ char *ccname;
+ const char *oldccname = NULL;
+#endif /* CONFIGURE_KRB5_CCNAME */
 /*
 * If we're running as root, let us bind as a special
 * user, so we can fake shadow passwords.
@@ -381,6 +388,42 @@ static int do_bind(MYLDAP_SESSION *session)
 return -1;
 }
 }
+# ifdef CONFIGURE_KRB5_CCNAME
+ /* Set default Kerberos ticket cache for SASL-GSSAPI */
+ ccname = nslcd_cfg->ldc_krb5_ccname;
+ if (ccname != NULL)
+ {
+ char *ccfile = ccname;
+ /* Check that cache exists and is readable */
+ if ((strncasecmp(ccfile, "FILE:", sizeof("FILE:") - 1) == 0)
+ || (strncasecmp(ccfile, "WRFILE:", sizeof("WRFILE:") - 1) == 0))
+ {
+ ccfile = strchr(ccfile, ':') + 1;
+ }
+ if (access(ccfile, R_OK) == 0)
+ {
+# ifdef CONFIGURE_KRB5_CCNAME_ENV
+ oldccname = getenv ("KRB5CCNAME");
+ if (oldccname != NULL)
+ {
+ strncpy (tmpbuf, oldccname, sizeof (tmpbuf));
+ tmpbuf[sizeof (tmpbuf) - 1] = '\0';
+ } else {
+ tmpbuf[0] = '\0';
+ }
+ oldccname = tmpbuf;
+ snprintf(tmpbuf, sizeof (tmpbuf), "KRB5CCNAME=%s", ccname);
+ putenv (tmpbuf);
+# elif defined(CONFIGURE_KRB5_CCNAME_GSSAPI)
+ if (gss_krb5_ccache_name(&rc, ccname, &oldccname) != GSS_S_COMPLETE)
+ {
+ log_log(LOG_ERR, "do_bind: unable to set default credential cache");
+ return -1;
+ }
+# endif
+ }
+ }
+# endif /* CONFIGURE_KRB5_CCNAME */
 rc=ldap_sasl_interactive_bind_s(session->ls_conn,binddn,"GSSAPI",NULL,NULL,
 LDAP_SASL_QUIET,
 do_sasl_interact,(void *)bindarg); |
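Review bot: `tmpbuf` is declared here as an automatic array, and in the later hunk of this file it is handed to `putenv()`, which stores the pointer rather than a copy. Once do_bind returns, the process environment refers to a dead stack slot, so any later lookup of KRB5CCNAME (including inside the Kerberos library) reads whatever then occupies that memory. Either give the buffer static storage, `static char tmpbuf[256];`, or stop using the buffer for the new value and call `setenv("KRB5CCNAME", ccname, 1);` in the CONFIGURE_KRB5_CCNAME_ENV branch, which copies its argument. do_bind's body starts and ends outside this hunk, so any cleanup that resets the variable before returning is not visible here.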
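Review bot: In the CONFIGURE_KRB5_CCNAME_ENV branch the previous KRB5CCNAME value is copied into `tmpbuf` and `oldccname` is pointed at it, but the `snprintf` on the next line writes `KRB5CCNAME=<ccname>` into the same buffer, so the saved value is lost and `oldccname` ends up naming the new setting. If code after this hunk restores the old cache from `oldccname` (not visible here), it would restore the wrong string; a second buffer for the saved value keeps the two apart. The `snprintf` result is also unchecked, so a configured cache name longer than the buffer is silently truncated to a different path. Separately, when `access(ccfile, R_OK)` fails the block is skipped with no message and the bind proceeds with whatever default cache the process has; an `else` with `log_log(LOG_WARNING, "do_bind: krb5_ccname %s is not readable", ccname);` would make that visible.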