On Tue, Jan 10, 2012 at 1:16 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
> On Tue, 10 Jan 2012 13:04:53 -0600
> Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:
>
>> On Tue, Jan 10, 2012 at 12:26 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote:
>> > This was actually requested by the Red Hat QA group, who sometimes work
>> > with multiple krb5.conf files when testing.
>> >
>> > Requested-by: Marko Myllynen <myllynen@xxxxxxxxxx>
>> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
>> > ---
>> > cifs.upcall.8.in | 8 +++++++-
>> > cifs.upcall.c | 13 ++++++++++---
>> > 2 files changed, 17 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/cifs.upcall.8.in b/cifs.upcall.8.in
>> > index 0d79a99..3ae0562 100644
>> > --- a/cifs.upcall.8.in
>> > +++ b/cifs.upcall.8.in
>> > @@ -22,7 +22,7 @@
>> > cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS)
>> > .SH "SYNOPSIS"
>> > .HP \w'\ 'u
>> > -cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] [\-\-legacy\-uid|\-l] {keyid}
>> > +cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] [\-\-legacy\-uid|\-l] [--krb5conf=/path/to/krb5.conf|-k /path/to/...] {keyid}
>> > .SH "DESCRIPTION"
>> > .PP
>> > This tool is part of the cifs-utils suite\&.
>> > @@ -38,6 +38,12 @@ for a particular key type\&. While it can be run directly from the command\-line
>> > This option is deprecated and is currently ignored\&.
>> > .RE
>> > .PP
>> > +\--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf
>> > +.RS 4
>> > +This option allows administrators to set an alternate location for the
>> > +krb5.conf file that cifs.upcall will use.
>> > +.RE
>> > +.PP
>> > \-\-trust\-dns|\-t
>> > .RS 4
>> > With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&.
>> > diff --git a/cifs.upcall.c b/cifs.upcall.c
>> > index f560d21..0d222cb 100644
>> > --- a/cifs.upcall.c
>> > +++ b/cifs.upcall.c
>> > @@ -759,12 +759,13 @@ lowercase_string(char *c)
>> >
>> > static void usage(void)
>> > {
>> > - fprintf(stderr, "Usage: %s [-t] [-v] [-l] key_serial\n", prog);
>> > + fprintf(stderr, "Usage: %s [-k /path/to/krb5.conf] [-t] [-v] [-l] key_serial\n", prog);
>> > }
>> >
>> > const struct option long_options[] = {
>> > - {"trust-dns", 0, NULL, 't'},
>> > + {"krb5conf", 1, NULL, 'k'},
>> > {"legacy-uid", 0, NULL, 'l'},
>> > + {"trust-dns", 0, NULL, 't'},
>> > {"version", 0, NULL, 'v'},
>> > {NULL, 0, NULL, 0}
>> > };
>> > @@ -792,7 +793,7 @@ int main(const int argc, char *const argv[])
>> >
>> > openlog(prog, 0, LOG_DAEMON);
>> >
>> > - while ((c = getopt_long(argc, argv, "cltv", long_options, NULL)) != -1) {
>> > + while ((c = getopt_long(argc, argv, "ck:ltv", long_options, NULL)) != -1) {
>> > switch (c) {
>> > case 'c':
>> > /* legacy option -- skip it */
>> > @@ -800,6 +801,12 @@ int main(const int argc, char *const argv[])
>> > case 't':
>> > try_dns++;
>> > break;
>> > + case 'k':
>> > + if (setenv("KRB5_CONFIG", optarg, 1) != 0) {
>> > + syslog(LOG_ERR, "unable to set $KRB5_CONFIG: %d", errno);
>> > + goto out;
>> > + }
>> > + break;
>> > case 'l':
>> > legacy_uid++;
>> > break;
>> > --
>> > 1.7.7.4
>> >
>> > --
>> > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
>> > the body of a message to majordomo@xxxxxxxxxxxxxxx
>> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>> Who does getenv on KRB5_CONFIG?
>>
>
> The krb5 libraries.
>
>> Also, is the name of the environment variable as KRB5_CONFIG, decided?
>> It is a common name, perhaps we can change it to something like
>> CIFS_KRB5_CONFIG (and mention it in the manpage) to make it
>> cifs (upcall) specific?
>
> It's a well-known environment variable that affects what krb5.conf the
> krb5 libs will use. What would be the point of changing the name?
>
> --
> Jeff Layton <jlayton@xxxxxxxxx>
got it. Patch looks fine then.
Acked-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
