Re: [PATCH] cifs: allow admins to specify an alternate krb5.conf file

On Tue, 10 Jan 2012 13:04:53 -0600
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> On Tue, Jan 10, 2012 at 12:26 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
> > This was actually requested by the Red Hat QA group, who sometimes work
> > with multiple krb5.conf files when testing.
> >
> > Requested-by: Marko Myllynen <myllynen@xxxxxxxxxx>
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
> > ---
> >  cifs.upcall.8.in |    8 +++++++-
> >  cifs.upcall.c    |   13 ++++++++++---
> >  2 files changed, 17 insertions(+), 4 deletions(-)
> >
> > diff --git a/cifs.upcall.8.in b/cifs.upcall.8.in
> > index 0d79a99..3ae0562 100644
> > --- a/cifs.upcall.8.in
> > +++ b/cifs.upcall.8.in
> > @@ -22,7 +22,7 @@
> >  cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS)
> >  .SH "SYNOPSIS"
> >  .HP \w'\ 'u
> > -cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] [\-\-legacy\-uid|\-l] {keyid}
> > +cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] [\-\-legacy\-uid|\-l] [--krb5conf=/path/to/krb5.conf|-k /path/to/...] {keyid}
> >  .SH "DESCRIPTION"
> >  .PP
> >  This tool is part of the cifs-utils suite\&.
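Review bot: The added SYNOPSIS entry leaves its hyphens unescaped (`[--krb5conf=/path/to/krb5.conf|-k /path/to/...]`) while every other option on the same line is written with `\-\-` and `\-`, and it abbreviates the second path as `/path/to/...`. Suggest escaping it like its neighbours and spelling the argument out in both forms, e.g. `[\-\-krb5conf=/path/to/krb5.conf|\-k /path/to/krb5.conf]`.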
> > @@ -38,6 +38,12 @@ for a particular key type\&. While it can be run directly from the command\-line
> >  This option is deprecated and is currently ignored\&.
> >  .RE
> >  .PP
> > +\--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf
> > +.RS 4
> > +This option allows administrators to set an alternate location for the
> > +krb5.conf file that cifs.upcall will use.
> > +.RE
> > +.PP
> >  \-\-trust\-dns|\-t
> >  .RS 4
> >  With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&.
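Review bot: The new option description does not say how the alternate file takes effect, and its heading `\--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf` mixes escaping styles with `\-\-trust\-dns|\-t` directly below. Since the cifs.upcall.c part of this patch implements the option with `setenv("KRB5_CONFIG", optarg, 1)`, the text should state that the option sets $KRB5_CONFIG for the krb5 libraries and overrides any value already present in the environment.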
> > diff --git a/cifs.upcall.c b/cifs.upcall.c
> > index f560d21..0d222cb 100644
> > --- a/cifs.upcall.c
> > +++ b/cifs.upcall.c
> > @@ -759,12 +759,13 @@ lowercase_string(char *c)
> >
> >  static void usage(void)
> >  {
> > -       fprintf(stderr, "Usage: %s [-t] [-v] [-l] key_serial\n", prog);
> > +       fprintf(stderr, "Usage: %s [-k /path/to/krb5.conf] [-t] [-v] [-l] key_serial\n", prog);
> >  }
> >
> >  const struct option long_options[] = {
> > -       {"trust-dns", 0, NULL, 't'},
> > +       {"krb5conf", 1, NULL, 'k'},
> >        {"legacy-uid", 0, NULL, 'l'},
> > +       {"trust-dns", 0, NULL, 't'},
> >        {"version", 0, NULL, 'v'},
> >        {NULL, 0, NULL, 0}
> >  };
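Review bot: The `long_options` change also moves the `{"trust-dns", 0, NULL, 't'}` entry below `legacy-uid`, a reorder that is unrelated to adding `krb5conf` and is not mentioned in the commit message. Either note the alphabetical sort in the changelog or leave the existing entry where it was so the hunk only shows the new option. The usage() string now runs well past 80 columns and could be split across two string literals.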
> > @@ -792,7 +793,7 @@ int main(const int argc, char *const argv[])
> >
> >        openlog(prog, 0, LOG_DAEMON);
> >
> > -       while ((c = getopt_long(argc, argv, "cltv", long_options, NULL)) != -1) {
> > +       while ((c = getopt_long(argc, argv, "ck:ltv", long_options, NULL)) != -1) {
> >                switch (c) {
> >                case 'c':
> >                        /* legacy option -- skip it */
> > @@ -800,6 +801,12 @@ int main(const int argc, char *const argv[])
> >                case 't':
> >                        try_dns++;
> >                        break;
> > +               case 'k':
> > +                       if (setenv("KRB5_CONFIG", optarg, 1) != 0) {
> > +                               syslog(LOG_ERR, "unable to set $KRB5_CONFIG: %d", errno);
> > +                               goto out;
> > +                       }
> > +                       break;
> >                case 'l':
> >                        legacy_uid++;
> >                        break;
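Review bot: In the new `case 'k'` branch, `optarg` goes straight into `setenv("KRB5_CONFIG", optarg, 1)` with no check that it names a readable file, so a mistyped path is only noticed later as a Kerberos failure with nothing in the log pointing back at this option. Consider verifying the path before setting the variable (for example with access(optarg, R_OK)) and including the path in the syslog message on failure. The existing error message would also be easier to act on with strerror(errno) rather than the raw `%d` value, and it is worth confirming that the `goto out` path exits with a failure status, since the return value is set outside this hunk.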
> > --
> > 1.7.7.4
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> Who does getenv on KRB5_CONFIG?
> 

The krb5 libraries.

> Also, is the name of the environment variable, KRB5_CONFIG, decided?
> It is a common name, perhaps we can change it to something like
> CIFS_KRB5_CONFIG (and mention it in the manpage) to make it
> cifs (upcall) specific?

It's a well-known environment variable that affects what krb5.conf the
krb5 libs will use. What would be the point of changing the name?

-- 
Jeff Layton <jlayton@xxxxxxxxx>