1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

r18200: Experimental code to allow system /etc/krb5.conf to be

overwritten by winbindd. Don't enable this :-).
Jeremy.
(This used to be commit 88e11ee91a)
This commit is contained in:
Jeremy Allison 2006-09-07 04:01:11 +00:00 committed by Gerald (Jerry) Carter
parent 6410f02fe5
commit 6d4c7b1345

View File

@ -516,15 +516,15 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, struct in_addr
BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, struct in_addr ip)
{
XFILE *xfp = NULL;
char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir());
char *tmpname = NULL;
char *fname = NULL;
char *file_contents = NULL;
char *kdc_ip_string;
size_t flen = 0;
size_t ret;
ssize_t ret;
int fd;
char *realm_upper = NULL;
int loopcount = 0;
if (!dname) {
return False;
@ -537,6 +537,12 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
return False;
}
tmpname = talloc_asprintf(dname, "%s/smb_tmp_krb5.XXXXXX", lp_lockdir());
if (!tmpname) {
TALLOC_FREE(dname);
return False;
}
fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);
if (!fname) {
TALLOC_FREE(dname);
@ -567,52 +573,36 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
flen = strlen(file_contents);
while (loopcount < 10) {
SMB_STRUCT_STAT st;
xfp = x_fopen(fname, O_CREAT|O_WRONLY, 0644);
if (!xfp) {
TALLOC_FREE(dname);
return False;
}
/* Lock the file. */
if (!fcntl_lock(xfp->fd, F_SETLKW, 0, 1, F_WRLCK)) {
unlink(fname);
x_fclose(xfp);
TALLOC_FREE(dname);
return False;
}
/* We got the lock. Is the file still there ? */
if (sys_stat(fname,&st)==-1) {
if (errno == ENOENT) {
/* Nope - try again up to 10x */
x_fclose(xfp);
loopcount++;
continue;
}
unlink(fname);
x_fclose(xfp);
TALLOC_FREE(dname);
return False;
}
break;
fd = smb_mkstemp(tmpname);
if (fd == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed,"
" for file %s. Errno %s\n",
tmpname, strerror(errno) ));
}
ret = x_fwrite(file_contents, 1, flen, xfp);
ret = write(fd, file_contents, flen);
if (flen != ret) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: x_fwrite failed,"
" returned %u (should be %u). Errno %s\n",
(unsigned int)ret, (unsigned int)flen, strerror(errno) ));
unlink(fname);
x_fclose(xfp);
DEBUG(0,("create_local_private_krb5_conf_for_domain: write failed,"
" returned %d (should be %u). Errno %s\n",
(int)ret, (unsigned int)flen, strerror(errno) ));
unlink(tmpname);
close(fd);
TALLOC_FREE(dname);
return False;
}
if (x_fclose(xfp)==-1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: x_fclose failed."
if (close(fd)==-1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: close failed."
" Errno %s\n", strerror(errno) ));
unlink(fname);
unlink(tmpname);
TALLOC_FREE(dname);
return False;
}
if (rename(tmpname, fname) == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
"of %s to %s failed. Errno %s\n",
tmpname, fname, strerror(errno) ));
unlink(tmpname);
TALLOC_FREE(dname);
return False;
}
@ -623,6 +613,37 @@ BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *do
/* Set the environment variable to this file. */
setenv("KRB5_CONFIG", fname, 1);
#if defined(OVERWRITE_SYSTEM_KRB5_CONF)
/* Insanity, sheer insanity..... */
if (symlink(fname, "/etc/krb5.conf") == -1) {
if (errno != EEXIST) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink "
"of %s to /etc/krb5.conf failed. Errno %s\n",
fname, strerror(errno) ));
TALLOC_FREE(dname);
return True; /* Not a fatal error. */
}
if (unlink("/etc/krb5.conf") == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: unlink "
"of /etc/krb5.conf failed. Errno %s\n",
strerror(errno) ));
TALLOC_FREE(dname);
return True; /* Not a fatal error. */
}
if (symlink(fname, "/etc/krb5.conf") == -1) {
DEBUG(0,("create_local_private_krb5_conf_for_domain: "
"forced symlink of %s to /etc/krb5.conf failed. Errno %s\n",
fname, strerror(errno) ));
TALLOC_FREE(dname);
return True; /* Not a fatal error. */
}
}
#endif
TALLOC_FREE(dname);
return True;