From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 24 Jan 2025 15:13:31 +0000 (+0000)
Subject: daemon: Support reading the keytab from config
X-Git-Tag: 0.9.30~383
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f9dcf776f1b5ed35806871663b160da1f62bdcc;p=pakfire.git

daemon: Support reading the keytab from config

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/pakfire/daemon.c b/src/pakfire/daemon.c
index f1718819..d57affef 100644
--- a/src/pakfire/daemon.c
+++ b/src/pakfire/daemon.c
@@ -57,6 +57,9 @@ struct pakfire_daemon {
 	// URL
 	char url[PATH_MAX];
 
+	// Kerberos Keytab
+	char keytab[PATH_MAX];
+
 	// Event Loop
 	sd_event* loop;
 
@@ -705,18 +708,14 @@ static int pakfire_daemon_auth(sd_event_source* s, uint64_t usec, void* data) {
 	krb5_keytab keytab = NULL;
 	krb5_creds creds = {};
 	const char* error = NULL;
-	const char* path = NULL;
 	char time[128];
 	char* p = NULL;
 	int r;
 
 	DEBUG(daemon->ctx, "Authenticating...\n");
 
-	// XXX We should read this from the configuration
-	path = KRB5_DEFAULT_KEYTAB;
-
 	// Resolve the keytab
-	r = krb5_kt_resolve(daemon->krb5.ctx, path, &keytab);
+	r = krb5_kt_resolve(daemon->krb5.ctx, daemon->keytab, &keytab);
 	if (r) {
 		error = krb5_get_error_message(daemon->krb5.ctx, r);
 
@@ -866,6 +865,7 @@ static int pakfire_daemon_setup_loop(struct pakfire_daemon* daemon) {
 
 static int pakfire_daemon_configure(struct pakfire_daemon* daemon) {
 	struct pakfire_config* config = NULL;
+	const char* keytab = NULL;
 	const char* url = NULL;
 	int r;
 
@@ -885,6 +885,14 @@ static int pakfire_daemon_configure(struct pakfire_daemon* daemon) {
 	if (r < 0)
 		goto ERROR;
 
+	// Fetch the keytab
+	keytab = pakfire_config_get(config, "daemon", "keytab", KRB5_DEFAULT_KEYTAB);
+
+	// Store the keytab
+	r = pakfire_string_set(daemon->keytab, keytab);
+	if (r < 0)
+		goto ERROR;
+
 ERROR:
 	if (config)
 		pakfire_config_unref(config);