refactor: set env KRB5CCNAME for default ccname when load nif

but also allow kinit/3 to override when the name is not empty string
kafka4beam · Aug 25, 2024 · 86859ec · 86859ec
1 parent 9bec8cd
commit 86859ec
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/c_src/sasl_auth.c b/c_src/sasl_auth.c
@@ -32,6 +32,8 @@ static ERL_NIF_TERM ATOM_NOT_CONTROLLING_PROCESS;
     ERROR_TUPLE(env, enif_make_tuple2(env, enif_make_int(env, code), sasl_error(env, state)));
 
 #define KT_NAME_LEN 1024
+#define DEFAULT_CCNAME "MEMORY:krb5cc_sasl_auth"
+
 
 typedef struct {
     sasl_conn_t* conn;
@@ -143,6 +145,7 @@ static int load(ErlNifEnv* env, void** UNUSED(priv), ERL_NIF_TERM UNUSED(info))
     int cli_result = sasl_client_init(NULL);
     sasl_server_connection_nif_resource_type = init_resource_type(env, "sasl_auth_srv_state");
     int srv_result = sasl_server_init(NULL, "sasl_auth");
+    setenv("KRB5CCNAME", DEFAULT_CCNAME, 1);
     return !sasl_client_connection_nif_resource_type && !(cli_result == SASL_OK)
         && !sasl_server_connection_nif_resource_type && !(srv_result == SASL_OK);
 }
@@ -753,7 +756,9 @@ static ERL_NIF_TERM sasl_kinit(ErlNifEnv* env, int UNUSED(argc), const ERL_NIF_T
      *
      * krb5 doc says krb5_cc_default is essentially krb5_cc_resolve with default ccname, but it does not work.
      * So we set environment variable KRB5CCNAME and call krb5_cc_default instead */
-    setenv("KRB5CCNAME", (const char*)ccname_char, 1);
+    if (ccname_char[0] != 0) {
+        setenv("KRB5CCNAME", (const char*)ccname_char, 1);
+    }
     if ((error = krb5_cc_default(context, &ccache)) != 0) {
         tag = "krb5_cc_default";
         goto kinit_finish;

diff --git a/src/sasl_auth.erl b/src/sasl_auth.erl
@@ -165,12 +165,13 @@ init() ->
 -spec kinit(keytab_path(), principal()) ->
     ok | {error, {binary(), integer(), binary()}}.
 kinit(KeyTabPath, Principal) ->
-    Ccname = ccname(),
-    kinit(KeyTabPath, Principal, Ccname).
+    kinit(KeyTabPath, Principal, <<>>).
 
-%% @doc Initialize credentials from a keytab file and principal.
-%% The CCname is provided for application's flexibility to decide
+%% @hidden Initialize credentials from a keytab file and principal.
+%% The argument CCname is provided for application's flexibility to decide
 %% which credentials cache type or name to use.
+%% When set to empty string, the default cache name `MEMORY:krb5cc_sasl_auth'
+%% is used.
 %% e.g. `FILE:/tmp/krb5cc_mycache' or `MEMORY:krbcc5_mycache'
 %%
 %% CAUTION: Changing credentials cache name at runtime is not tested!
@@ -356,6 +357,3 @@ not_loaded(Line) ->
             )
         ]}
     ).
-
-ccname() ->
-    "MEMORY:krb5cc_" ++ atom_to_list(node()).