svn commit: samba r18200 - in branches/SAMBA_3_0/source/libads: .

jra at samba.org jra at samba.org
Thu Sep 7 04:01:11 GMT 2006


Author: jra
Date: 2006-09-07 04:01:11 +0000 (Thu, 07 Sep 2006)
New Revision: 18200

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18200

Log:
Experimental code to allow system /etc/krb5.conf to be
overwritten by winbindd. Don't enable this :-).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/kerberos.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/kerberos.c
===================================================================
--- branches/SAMBA_3_0/source/libads/kerberos.c	2006-09-07 03:44:05 UTC (rev 18199)
+++ branches/SAMBA_3_0/source/libads/kerberos.c	2006-09-07 04:01:11 UTC (rev 18200)
@@ -516,15 +516,15 @@
 
 BOOL create_local_private_krb5_conf_for_domain(const char *realm, const char *domain, struct in_addr ip)
 {
-	XFILE *xfp = NULL;
 	char *dname = talloc_asprintf(NULL, "%s/smb_krb5", lp_lockdir());
+	char *tmpname = NULL;
 	char *fname = NULL;
 	char *file_contents = NULL;
 	char *kdc_ip_string;
 	size_t flen = 0;
-	size_t ret;
+	ssize_t ret;
+	int fd;
 	char *realm_upper = NULL;
-	int loopcount = 0;
 
 	if (!dname) {
 		return False;
@@ -537,6 +537,12 @@
 		return False;
 	}
 
+	tmpname = talloc_asprintf(dname, "%s/smb_tmp_krb5.XXXXXX", lp_lockdir());
+	if (!tmpname) {
+		TALLOC_FREE(dname);
+		return False;
+	}
+
 	fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);
 	if (!fname) {
 		TALLOC_FREE(dname);
@@ -567,62 +573,77 @@
 
 	flen = strlen(file_contents);
 
-	while (loopcount < 10) {
-		SMB_STRUCT_STAT st;
-
-		xfp = x_fopen(fname, O_CREAT|O_WRONLY, 0644);
-		if (!xfp) {
-			TALLOC_FREE(dname);
-			return False;
-		}
-		/* Lock the file. */
-		if (!fcntl_lock(xfp->fd, F_SETLKW, 0, 1, F_WRLCK)) {
-			unlink(fname);
-			x_fclose(xfp);
-			TALLOC_FREE(dname);
-			return False;
-		}
-
-		/* We got the lock. Is the file still there ? */
-		if (sys_stat(fname,&st)==-1) {
-			if (errno == ENOENT) {
-				/* Nope - try again up to 10x */
-				x_fclose(xfp);
-				loopcount++;
-				continue;	
-			}
-			unlink(fname);
-			x_fclose(xfp);
-			TALLOC_FREE(dname);
-			return False;
-		}
-		break;
+	fd = smb_mkstemp(tmpname);
+	if (fd == -1) {
+		DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed,"
+			" for file %s. Errno %s\n",
+			tmpname, strerror(errno) ));
 	}
 
-	ret = x_fwrite(file_contents, 1, flen, xfp);
+	ret = write(fd, file_contents, flen);
 	if (flen != ret) {
-		DEBUG(0,("create_local_private_krb5_conf_for_domain: x_fwrite failed,"
-			" returned %u (should be %u). Errno %s\n",
-			(unsigned int)ret, (unsigned int)flen, strerror(errno) ));
-		unlink(fname);
-		x_fclose(xfp);
+		DEBUG(0,("create_local_private_krb5_conf_for_domain: write failed,"
+			" returned %d (should be %u). Errno %s\n",
+			(int)ret, (unsigned int)flen, strerror(errno) ));
+		unlink(tmpname);
+		close(fd);
 		TALLOC_FREE(dname);
 		return False;
 	}
-	if (x_fclose(xfp)==-1) {
-		DEBUG(0,("create_local_private_krb5_conf_for_domain: x_fclose failed."
+	if (close(fd)==-1) {
+		DEBUG(0,("create_local_private_krb5_conf_for_domain: close failed."
 			" Errno %s\n", strerror(errno) ));
-		unlink(fname);
+		unlink(tmpname);
 		TALLOC_FREE(dname);
 		return False;
 	}
 
+	if (rename(tmpname, fname) == -1) {
+		DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
+			"of %s to %s failed. Errno %s\n",
+			tmpname, fname, strerror(errno) ));
+		unlink(tmpname);
+		TALLOC_FREE(dname);
+		return False;
+	}
+
 	DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
 		"file %s with realm %s KDC = %s\n",
 		fname, realm_upper, inet_ntoa(ip) ));
 
 	/* Set the environment variable to this file. */
 	setenv("KRB5_CONFIG", fname, 1);
+
+#if defined(OVERWRITE_SYSTEM_KRB5_CONF)
+
+	/* Insanity, sheer insanity..... */
+
+	if (symlink(fname, "/etc/krb5.conf") == -1) {
+		if (errno != EEXIST) {
+			DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink "
+				"of %s to /etc/krb5.conf failed. Errno %s\n",
+				fname, strerror(errno) ));
+			TALLOC_FREE(dname);
+			return True; /* Not a fatal error. */
+		}
+
+		if (unlink("/etc/krb5.conf") == -1) {
+			DEBUG(0,("create_local_private_krb5_conf_for_domain: unlink "
+				"of /etc/krb5.conf failed. Errno %s\n",
+				strerror(errno) ));
+			TALLOC_FREE(dname);
+			return True; /* Not a fatal error. */
+		}
+		if (symlink(fname, "/etc/krb5.conf") == -1) {
+			DEBUG(0,("create_local_private_krb5_conf_for_domain: "
+				"forced symlink of %s to /etc/krb5.conf failed. Errno %s\n",
+				fname, strerror(errno) ));
+			TALLOC_FREE(dname);
+			return True; /* Not a fatal error. */
+		}
+	}
+#endif
+
 	TALLOC_FREE(dname);
 
 	return True;



More information about the samba-cvs mailing list