rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0003-Allow-kernel-keyring-CCACHE-when-supported.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   99b6f751f47d0f0f7fd39c8db26b5b765e53e735
  2.   SOURCES
  3.   0003-Allow-kernel-keyring-CCACHE-when-supported.patch
Blob History Raw
99b6f7 
From a66fc51f69b0d19ecb63a5a78d2a052e810913c9 Mon Sep 17 00:00:00 2001
99b6f7 
From: Martin Kosek <mkosek@redhat.com>
99b6f7 
Date: Wed, 6 Nov 2013 12:48:26 +0100
99b6f7 
Subject: [PATCH] Allow kernel keyring CCACHE when supported
99b6f7
99b6f7 
Allow ipa-server-install and ipa-client-install to allow kernel keyring
99b6f7 
ccache when supported.
99b6f7
99b6f7 
https://fedorahosted.org/freeipa/ticket/4013
99b6f7 
---
99b6f7 
 install/share/krb5.conf.template          |  2 +-
99b6f7 
 ipa-client/ipa-install/ipa-client-install | 11 +++++++++++
99b6f7 
 ipapython/kernel_keyring.py               |  6 ++++++
99b6f7 
 ipaserver/install/krbinstance.py          | 16 ++++++++++++++++
99b6f7 
 4 files changed, 34 insertions(+), 1 deletion(-)
99b6f7
99b6f7 
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
99b6f7 
index 01e66881b0a38e342886727ec205ea9b7c057ad2..7c82083e3331cfacccc1995cd9dfa6ddd88edd1f 100644
99b6f7 
--- a/install/share/krb5.conf.template
99b6f7 
+++ b/install/share/krb5.conf.template
99b6f7 
@@ -12,7 +12,7 @@ includedir /var/lib/sss/pubconf/krb5.include.d/
99b6f7 
  rdns = false
99b6f7 
  ticket_lifetime = 24h
99b6f7 
  forwardable = yes
99b6f7 
-
99b6f7 
+$OTHER_LIBDEFAULTS
99b6f7 
 [realms]
99b6f7 
  $REALM = {
99b6f7 
   kdc = $FQDN:88
99b6f7 
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
99b6f7 
index 8e4695b42e9178725353dee2a4797a8da9b635b3..9b99953551fcffa64b16605d701831a49ba0e087 100755
99b6f7 
--- a/ipa-client/ipa-install/ipa-client-install
99b6f7 
+++ b/ipa-client/ipa-install/ipa-client-install
99b6f7 
@@ -43,6 +43,7 @@ try:
99b6f7 
         run, user_input, CalledProcessError, file_exists, realm_to_suffix)
99b6f7 
     import ipapython.services as ipaservices
99b6f7 
     from ipapython import ipautil, sysrestore, version, certmonger, ipaldap
99b6f7 
+    from ipapython import kernel_keyring
99b6f7 
     from ipapython.config import IPAOptionParser
99b6f7 
     from ipalib import api, errors
99b6f7 
     from ipalib import x509
99b6f7 
@@ -926,6 +927,16 @@ def configure_krb5_conf(cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
99b6f7 
     libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
99b6f7 
     libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
99b6f7
99b6f7 
+    # Configure KEYRING CCACHE if supported
99b6f7 
+    uid = os.geteuid()
99b6f7 
+    try:
99b6f7 
+        kernel_keyring.get_persistent_key(str(uid))
99b6f7 
+    except ValueError:
99b6f7 
+        pass
99b6f7 
+    else:
99b6f7 
+        libopts.append({'name':'default_ccache_name', 'type':'option',
99b6f7 
+            'value':'KEYRING:persistent:%{uid}'})
99b6f7 
+
99b6f7 
     opts.append({'name':'libdefaults', 'type':'section', 'value':libopts})
99b6f7 
     opts.append({'name':'empty', 'type':'empty'})
99b6f7
99b6f7 
diff --git a/ipapython/kernel_keyring.py b/ipapython/kernel_keyring.py
99b6f7 
index 547dd3de6b45295910b66982e99886135c06335b..c6670c4ade48e9dc9b503f937cbcaead143f19fc 100644
99b6f7 
--- a/ipapython/kernel_keyring.py
99b6f7 
+++ b/ipapython/kernel_keyring.py
99b6f7 
@@ -47,6 +47,12 @@ def get_real_key(key):
99b6f7 
         raise ValueError('key %s not found' % key)
99b6f7 
     return stdout.rstrip()
99b6f7
99b6f7 
+def get_persistent_key(key):
99b6f7 
+    (stdout, stderr, rc) = run(['keyctl', 'get_persistent', KEYRING, key], raiseonerr=False)
99b6f7 
+    if rc:
99b6f7 
+        raise ValueError('persistent key %s not found' % key)
99b6f7 
+    return stdout.rstrip()
99b6f7 
+
99b6f7 
 def has_key(key):
99b6f7 
     """
99b6f7 
     Returns True/False whether the key exists in the keyring.
99b6f7 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
99b6f7 
index 98687a4002cd7b19faea03acc552759e962d8832..48407edb9b0e237cf86e8d4e9059208e52b9c165 100644
99b6f7 
--- a/ipaserver/install/krbinstance.py
99b6f7 
+++ b/ipaserver/install/krbinstance.py
99b6f7 
@@ -31,6 +31,7 @@
99b6f7 
 from ipapython import sysrestore
99b6f7 
 from ipapython import ipautil
99b6f7 
 from ipapython import services as ipaservices
99b6f7 
+from ipapython import kernel_keyring
99b6f7 
 from ipalib import errors
99b6f7 
 from ipapython.ipa_log_manager import *
99b6f7 
 from ipapython.dn import DN
99b6f7 
@@ -252,6 +253,21 @@ def __setup_sub_dict(self):
99b6f7 
             dr_map = ""
99b6f7 
         self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
99b6f7
99b6f7 
+        # Configure KEYRING CCACHE if supported
99b6f7 
+        uid = os.geteuid()
99b6f7 
+        try:
99b6f7 
+            kernel_keyring.get_persistent_key(str(uid))
99b6f7 
+        except ValueError:
99b6f7 
+            keyring_ccache_supported = False
99b6f7 
+        else:
99b6f7 
+            keyring_ccache_supported = True
99b6f7 
+
99b6f7 
+        if keyring_ccache_supported:
99b6f7 
+            self.sub_dict['OTHER_LIBDEFAULTS'] = \
99b6f7 
+                " default_ccache_name = KEYRING:persistent:%{uid}\n"
99b6f7 
+        else:
99b6f7 
+            self.sub_dict['OTHER_LIBDEFAULTS'] = ''
99b6f7 
+
99b6f7 
     def __configure_sasl_mappings(self):
99b6f7 
         # we need to remove any existing SASL mappings in the directory as otherwise they
99b6f7 
         # they may conflict.
99b6f7 
--
99b6f7 
1.8.3.1
99b6f7

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation