Remove keytab configuration
Instead we'll always use the default keytab: the file named by the KRB5_KTNAME environment variable, or /etc/krb5.keytab if it is unset.
This commit is contained in:
parent
d6e6b2bc63
commit
60e272e8c6
|
@ -25,9 +25,6 @@ CONFIG_STR(notify_hook)
|
||||||
CONFIG_STR(realm)
|
CONFIG_STR(realm)
|
||||||
|
|
||||||
CONFIG_STR(admin_principal)
|
CONFIG_STR(admin_principal)
|
||||||
CONFIG_STR(admin_keytab)
|
|
||||||
|
|
||||||
CONFIG_STR(admin_bind_userid)
|
CONFIG_STR(admin_bind_userid)
|
||||||
CONFIG_STR(admin_bind_keytab)
|
|
||||||
|
|
||||||
CONFIG_STR(privileged_group)
|
CONFIG_STR(privileged_group)
|
||||||
|
|
|
@ -14,7 +14,7 @@ void ceo_kadm_init() {
|
||||||
kadm5_config_params params;
|
kadm5_config_params params;
|
||||||
memset((void *) ¶ms, 0, sizeof(params));
|
memset((void *) ¶ms, 0, sizeof(params));
|
||||||
|
|
||||||
retval = kadm5_init_with_skey(admin_principal, admin_keytab,
|
retval = kadm5_init_with_skey(admin_principal, NULL /*admin_keytab */,
|
||||||
KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION,
|
KADM5_ADMIN_SERVICE, ¶ms, KADM5_STRUCT_VERSION,
|
||||||
KADM5_API_VERSION_2, &handle);
|
KADM5_API_VERSION_2, &handle);
|
||||||
if (retval) {
|
if (retval) {
|
||||||
|
|
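Review bot: The `NULL /*admin_keytab */` argument on the new `kadm5_init_with_skey` line names a configuration key this commit deletes rather than saying what the NULL means; replace it with the actual contract, e.g. `NULL, /* keytab: library default ($KRB5_KTNAME, else /etc/krb5.keytab) */`. Worth stating in that comment or in ceo_kadm_init's header is that admin_principal (here) and admin_bind_userid (ceo_ldap_init) could previously be served from two different keytab files and must now both have keys in the one default keytab. If ceo runs with elevated privileges it is also worth confirming that the environment it inherits is sanitized, since KRB5_KTNAME now selects the credentials file; MIT krb5 appears to ignore the variable in setuid processes, but that should be checked against the library build in use. ceo_kadm_init starts before this hunk and continues after it.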
10
src/krb5.c
10
src/krb5.c
|
@ -1,4 +1,5 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#include <krb5.h>
|
#include <krb5.h>
|
||||||
#include <syslog.h>
|
#include <syslog.h>
|
||||||
|
|
||||||
|
@ -43,11 +44,10 @@ void ceo_krb5_init() {
|
||||||
com_err(prog, retval, "while setting default realm");
|
com_err(prog, retval, "while setting default realm");
|
||||||
}
|
}
|
||||||
|
|
||||||
void ceo_krb5_auth(char *principal, char *ktname) {
|
void ceo_krb5_auth(char *principal) {
|
||||||
krb5_error_code retval;
|
krb5_error_code retval;
|
||||||
krb5_creds creds;
|
krb5_creds creds;
|
||||||
krb5_principal princ;
|
krb5_principal princ;
|
||||||
krb5_keytab keytab;
|
|
||||||
krb5_ccache cache;
|
krb5_ccache cache;
|
||||||
krb5_get_init_creds_opt options;
|
krb5_get_init_creds_opt options;
|
||||||
|
|
||||||
|
@ -60,10 +60,7 @@ void ceo_krb5_auth(char *principal, char *ktname) {
|
||||||
if ((retval = krb5_cc_default(context, &cache)))
|
if ((retval = krb5_cc_default(context, &cache)))
|
||||||
com_err(prog, retval, "while resolving credentials cache");
|
com_err(prog, retval, "while resolving credentials cache");
|
||||||
|
|
||||||
if ((retval = krb5_kt_resolve(context, ktname, &keytab)))
|
if ((retval = krb5_get_init_creds_keytab(context, &creds, princ, NULL, 0, NULL, &options)))
|
||||||
com_err(prog, retval, "while resolving keytab %s", admin_bind_keytab);
|
|
||||||
|
|
||||||
if ((retval = krb5_get_init_creds_keytab(context, &creds, princ, keytab, 0, NULL, &options)))
|
|
||||||
com_err(prog, retval, "while getting initial credentials");
|
com_err(prog, retval, "while getting initial credentials");
|
||||||
|
|
||||||
if ((retval = krb5_cc_initialize(context, cache, princ)))
|
if ((retval = krb5_cc_initialize(context, cache, princ)))
|
||||||
|
@ -73,7 +70,6 @@ void ceo_krb5_auth(char *principal, char *ktname) {
|
||||||
com_err(prog, retval, "while storing credentials");
|
com_err(prog, retval, "while storing credentials");
|
||||||
|
|
||||||
krb5_free_cred_contents(context, &creds);
|
krb5_free_cred_contents(context, &creds);
|
||||||
krb5_kt_close(context, keytab);
|
|
||||||
krb5_free_principal(context, princ);
|
krb5_free_principal(context, princ);
|
||||||
krb5_cc_close(context, cache);
|
krb5_cc_close(context, cache);
|
||||||
}
|
}
|
||||||
|
|
|
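Review bot: The new `krb5_get_init_creds_keytab(context, &creds, princ, NULL, 0, NULL, &options)` call only logs on failure and the function carries on, so when the default keytab is missing or unreadable the code below still reaches `krb5_cc_initialize` and `krb5_cc_store_cred` with `creds` never filled in, and later `krb5_free_cred_contents` on that uninitialized struct. Returning (or taking the file's fatal path) after the `com_err` closes that hole. Separately, with the old "while resolving keytab %s" message gone, the most likely failure — the wrong keytab or none at all — now reports only the generic "while getting initial credentials"; `krb5_kt_default_name()` can put the keytab path back into the diagnostic. ceo_krb5_auth starts before this hunk and the rest of its body lies between and after the hunks.

```c
    if ((retval = krb5_get_init_creds_keytab(context, &creds, princ, NULL, 0, NULL, &options))) {
        char ktname[BUFSIZ];
        /* Name the keytab the library actually chose ($KRB5_KTNAME or the built-in default). */
        if (krb5_kt_default_name(context, ktname, sizeof ktname))
            ktname[0] = '\0';
        com_err(prog, retval, "while getting initial credentials from keytab %s", ktname);
        return; /* creds is not valid; do not initialize or populate the ccache */
    }
    /* … unchanged: krb5_cc_initialize / krb5_cc_store_cred and cleanup … */
```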
@ -8,7 +8,7 @@ extern krb5_context context;
|
||||||
void ceo_krb5_init();
|
void ceo_krb5_init();
|
||||||
void ceo_krb5_cleanup();
|
void ceo_krb5_cleanup();
|
||||||
|
|
||||||
void ceo_krb5_auth(char *, char *);
|
void ceo_krb5_auth(char *);
|
||||||
void ceo_krb5_deauth();
|
void ceo_krb5_deauth();
|
||||||
|
|
||||||
int ceo_read_password(char *, unsigned int, int);
|
int ceo_read_password(char *, unsigned int, int);
|
||||||
|
|
|
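Review bot: The new prototype `void ceo_krb5_auth(char *);` drops the parameter name, so the header no longer tells callers what the single remaining argument is; write it as `void ceo_krb5_auth(char *principal);` and add a one-line comment above it, e.g. `/* Obtain initial credentials for principal from the default keytab ($KRB5_KTNAME or /etc/krb5.keytab) and store them in the default ccache. */`. The neighbouring prototypes in this hunk are also nameless, so this is a consistency choice for the project rather than a defect.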
@ -362,7 +362,7 @@ void ceo_ldap_init() {
|
||||||
int proto = LDAP_DEFAULT_PROTOCOL;
|
int proto = LDAP_DEFAULT_PROTOCOL;
|
||||||
const char *sasl_mech = "GSSAPI";
|
const char *sasl_mech = "GSSAPI";
|
||||||
|
|
||||||
if (!admin_bind_userid || !admin_bind_keytab)
|
if (!admin_bind_userid)
|
||||||
fatal("not configured");
|
fatal("not configured");
|
||||||
|
|
||||||
if (ldap_initialize(&ld, server_url) != LDAP_SUCCESS)
|
if (ldap_initialize(&ld, server_url) != LDAP_SUCCESS)
|
||||||
|
@ -371,7 +371,7 @@ void ceo_ldap_init() {
|
||||||
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) != LDAP_OPT_SUCCESS)
|
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &proto) != LDAP_OPT_SUCCESS)
|
||||||
ldap_fatal("ldap_set_option");
|
ldap_fatal("ldap_set_option");
|
||||||
|
|
||||||
ceo_krb5_auth(admin_bind_userid, admin_bind_keytab);
|
ceo_krb5_auth(admin_bind_userid);
|
||||||
|
|
||||||
if (ldap_sasl_interactive_bind_s(ld, NULL, sasl_mech, NULL, NULL,
|
if (ldap_sasl_interactive_bind_s(ld, NULL, sasl_mech, NULL, NULL,
|
||||||
LDAP_SASL_QUIET, &ldap_sasl_interact, NULL) != LDAP_SUCCESS)
|
LDAP_SASL_QUIET, &ldap_sasl_interact, NULL) != LDAP_SUCCESS)
|
||||||
|
|
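Review bot: With the `!admin_bind_keytab` check removed, nothing in ceo_ldap_init verifies that keytab authentication succeeded before `ldap_sasl_interactive_bind_s`: `ceo_krb5_auth` returns void and reports errors only through com_err, so a missing or unreadable default keytab surfaces only as an opaque GSSAPI bind failure far from its cause. Have ceo_krb5_auth return its krb5_error_code and fail fast here, `if (ceo_krb5_auth(admin_bind_userid)) fatal("kerberos authentication failed");`, matching the existing `fatal("not configured")` style in this function. ceo_ldap_init continues beyond this hunk.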