From d3bff0ec79eeaddcb3fc6c6869189f0ca1bcd2f0 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sun, 6 Feb 2005 01:22:49 +0000
Subject: [PATCH] Allow system credentials cache to be configured in krb5.conf
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14566 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kcm/acquire.c | 11 +++++++++--
 kcm/config.c | 47 ++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/kcm/acquire.c b/kcm/acquire.c
index 75d6f434e..21c8657ba 100644
--- a/kcm/acquire.c
+++ b/kcm/acquire.c
@@ -243,6 +243,10 @@ kcm_password_key_proc(krb5_context context,
 krb5_error_code ret;
 struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed;
+ /* we may be called multiple times */
+ krb5_free_salt(context, s->salt);
+ krb5_data_zero(&s->salt.saltvalue);
+
 /* stash the salt */
 s->salt.salttype = salt.salttype;
@@ -285,7 +289,10 @@ get_salt_and_kvno(krb5_context context,
 memset(&creds, 0, sizeof(creds));
 memset(&reply, 0, sizeof(reply));
- memset(&s, 0, sizeof(s));
+
+ s.password = NULL;
+ s.salt.salttype = ETYPE_NULL;
+ krb5_data_zero(&s.salt.saltvalue);
 *kvno = 0;
 kcm_internal_ccache(context, ccache, &ccdata);
@@ -495,7 +502,7 @@ change_pw_and_update_keytab(krb5_context context,
 /* Add SPN aliases, if any */
 spns = krb5_config_get_strings(context, NULL, "kcm",
- "spn_aliases", NULL);
+ "system_ccache", "spn_aliases", NULL);
 if (spns != NULL) {
 for (i = 0; spns[i] != NULL; i++) {
 ret = update_keytab_entries(context, ccache, etypes, cpn,
diff --git a/kcm/config.c b/kcm/config.c
index adfe425ff..2c872074c 100644
--- a/kcm/config.c
+++ b/kcm/config.c
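Review bot: In get_salt_and_kvno, replacing `memset(&s, 0, sizeof(s));` with three field assignments leaves any member of `s` other than `password` and `salt` indeterminate, and the `krb5_free_salt(context, s->salt)` added at the top of kcm_password_key_proc now depends on every caller having initialised the salt before the first callback. The struct definition and any other users of the key proc are not visible on this page, so this may be fine today, but it is fragile if a field is added later. Keeping the `memset` and following it with `s.salt.salttype = ETYPE_NULL;` and `krb5_data_zero(&s.salt.saltvalue);` would make the free-before-stash path safe by construction. Both functions continue outside their hunks.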
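Review bot: The `spn_aliases` lookup in change_pw_and_update_keytab moves from `[kcm]` into the `system_ccache` subsection with no fallback, so a krb5.conf that still carries the old key is silently ignored and, as far as this hunk shows, the alias keytab entries would stop being refreshed after a password change. The commit subject does not mention this relocation. Consider falling back to the old path when the new one returns NULL, `if (spns == NULL) spns = krb5_config_get_strings(context, NULL, "kcm", "spn_aliases", NULL);`, or logging when only the legacy key is present. The function body extends beyond the hunk.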
@@ -48,16 +48,16 @@ int detach_from_console = -1;
 #define DETACH_IS_DEFAULT FALSE
 #endif
-static char *system_cache_name = NULL;
-static char *system_keytab = NULL;
-static char *system_principal = NULL;
-static char *system_server = NULL;
-static char *system_perms = NULL;
-static char *system_user = NULL;
-static char *system_group = NULL;
+static const char *system_cache_name = NULL;
+static const char *system_keytab = NULL;
+static const char *system_principal = NULL;
+static const char *system_server = NULL;
+static const char *system_perms = NULL;
+static const char *system_user = NULL;
+static const char *system_group = NULL;
-static char *renew_life = NULL;
-static char *ticket_life = NULL;
+static const char *renew_life = NULL;
+static const char *ticket_life = NULL;
 int name_constraints = -1;
@@ -197,12 +197,22 @@ static int parse_owners(kcm_ccache ccache)
 return 0;
 }
+static const char *
+kcm_system_config_get_string(const char *string)
+{
+ return krb5_config_get_string(kcm_context, NULL, "kcm",
+ "system_ccache", string, NULL);
+}
+
 static krb5_error_code
 ccache_init_system(void)
 {
 kcm_ccache ccache;
 krb5_error_code ret;
+ if (system_cache_name == NULL)
+ system_cache_name = kcm_system_config_get_string("cc_name");
+
 ret = kcm_ccache_new(kcm_context,
 system_cache_name ? system_cache_name : "SYSTEM",
 &ccache);
@@ -222,6 +232,9 @@ ccache_init_system(void)
 return ret;
 }
+ if (system_server == NULL)
+ system_server = kcm_system_config_get_string("server");
+
 if (system_server != NULL) {
 ret = krb5_parse_name(kcm_context, system_server, &ccache->server);
 if (ret) {
@@ -230,6 +243,9 @@ ccache_init_system(void)
 }
 }
+ if (system_keytab == NULL)
+ system_keytab = kcm_system_config_get_string("keytab_name");
+
 if (system_keytab != NULL) {
 ret = krb5_kt_resolve(kcm_context, system_keytab, &ccache->key.keytab);
 } else {
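Review bot: kcm_system_config_get_string has no comment and its parameter is named `string`, which hides two things a maintainer needs to know: the value is read from the `[kcm] system_ccache` section, and the returned pointer is stored in file-scope statics for the life of the process. I would rename the parameter to `key` and add a header comment along the lines of `/* Look up KEY under [kcm] system_ccache; NULL when unset. Result is presumably owned by kcm_context's config, so callers must not free it. */`. It is also worth stating in ccache_init_system that a command-line value always wins, since every lookup here and in the later hunks (server, keytab_name, renew_life, ticket_life, mode, principal) is guarded by `== NULL`.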
@@ -241,6 +257,9 @@ ccache_init_system(void)
 }
 if (renew_life == NULL)
+ renew_life = kcm_system_config_get_string("renew_life");
+
+ if (renew_life == NULL)
 renew_life = "1 month";
 if (renew_life != NULL) {
@@ -251,6 +270,9 @@ ccache_init_system(void)
 }
 }
+ if (ticket_life == NULL)
+ ticket_life = kcm_system_config_get_string("ticket_life");
+
 if (ticket_life != NULL) {
 ccache->tkt_life = parse_time(ticket_life, "s");
 if (ccache->tkt_life < 0) {
@@ -259,6 +281,9 @@ ccache_init_system(void)
 }
 }
+ if (system_perms == NULL)
+ system_perms = kcm_system_config_get_string("mode");
+
 if (system_perms != NULL) {
 int mode;
@@ -329,6 +354,10 @@ kcm_configure(int argc, char **argv)
 max_request = parse_bytes(p, NULL);
 }
+ if (system_principal == NULL) {
+ system_principal = kcm_system_config_get_string("principal");
+ }
+
 if (system_principal != NULL) {
 ret = ccache_init_system();
 if (ret)
--
2.11.4.GIT
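Review bot: The `mode` lookup makes the system cache's permission bits configurable from krb5.conf, but no hunk on this page adds a matching lookup for `system_user` or `system_group`, which were made `const char *` alongside the others. If parse_owners (outside this page) still reads only the command-line values, a configuration-only deployment can widen the mode without being able to set the owner it applies to. Adding the same pattern for both, e.g. `if (system_user == NULL) system_user = kcm_system_config_get_string("user");` (the key name is only a suggestion), would keep the access-control settings together. The parsing of `mode` itself happens below the hunk and is not visible here.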