walters / rpms / nfs-utils

Forked from rpms/nfs-utils 6 years ago
Clone
Source Code
GIT

Files

drop-post-chown f10 f11 f12 f13 f13-user-steved-pnfs-f13 f14 f14-user-steved-pnfs-f14 f15 f15-user-steved-pnfs-f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f7 f8 f9 master nfs-utils-1_2_0-10_pnfs pnfs-1-2-5-rc1-2011-08-15-1 pnfsd-export-f15 private-jlayton-gssd-1 private-jlayton-ipv6-1 private-jlayton-ipv6-2 private-jlayton-ipv6-3 private-jlayton-ipv6-4 private-nfs-utils-1_2_2-4-pnfs rawhide/user/steved/pnfs-rawhide
  1.   f17
  2.   nfs-utils-1.2.5-gssd-usercreds.patch
Blob Blame History Raw 
commit 245fad6be5a32866b2cefad55b3e2d50f6b197af
Author: Steve Dickson <steved@redhat.com>
Date:   Thu Mar 22 11:02:46 2012 -0400

    gssd: Look for user creds in user defined directory
    
    The user credential cache currently is kept in /tmp.
    In upcoming Kerberos release that will be moved to
    /run/user/<username>/. This patch enables gssd to
    look in both the old and new caches
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff -up nfs-utils-1.2.5/utils/gssd/gssd.c.orig nfs-utils-1.2.5/utils/gssd/gssd.c
--- nfs-utils-1.2.5/utils/gssd/gssd.c.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd.c	2012-03-22 11:12:47.441219000 -0400
@@ -57,7 +57,7 @@
 
 char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR;
 char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
-char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR ":" GSSD_USER_CRED_DIR;
 char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1];
 int  use_memcache = 0;
 int  root_uses_machine_creds = 1;
diff -up nfs-utils-1.2.5/utils/gssd/gssd.h.orig nfs-utils-1.2.5/utils/gssd/gssd.h
--- nfs-utils-1.2.5/utils/gssd/gssd.h.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd.h	2012-03-22 11:12:47.447222000 -0400
@@ -45,6 +45,7 @@
 #define DNOTIFY_SIGNAL		(SIGRTMIN + 3)
 
 #define GSSD_DEFAULT_CRED_DIR			"/tmp"
+#define GSSD_USER_CRED_DIR			"/run/user"
 #define GSSD_DEFAULT_CRED_PREFIX		"krb5cc_"
 #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX	"machine"
 #define GSSD_DEFAULT_KEYTAB_FILE		"/etc/krb5.keytab"
diff -up nfs-utils-1.2.5/utils/gssd/gssd_proc.c.orig nfs-utils-1.2.5/utils/gssd/gssd_proc.c
--- nfs-utils-1.2.5/utils/gssd/gssd_proc.c.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd_proc.c	2012-03-22 11:12:47.455220000 -0400
@@ -949,6 +949,23 @@ int create_auth_rpc_client(struct clnt_i
 	goto out;
 }
 
+static char *
+user_cachedir(char *dirname, uid_t uid)
+{
+	struct passwd *pw;
+	char *ptr;
+
+	if ((pw = getpwuid(uid)) == NULL) {
+		printerr(0, "user_cachedir: Failed to find '%d' uid"
+			    " for cache directory\n");
+		return NULL;
+	}
+	ptr = malloc(strlen(dirname)+strlen(pw->pw_name)+2);
+	if (ptr)
+		sprintf(ptr, "%s/%s", dirname, pw->pw_name);
+
+	return ptr;
+}
 /*
  * this code uses the userland rpcsec gss library to create a krb5
  * context on behalf of the kernel
@@ -963,7 +980,7 @@ process_krb5_upcall(struct clnt_info *cl
 	gss_buffer_desc		token;
 	char			**credlist = NULL;
 	char			**ccname;
-	char			**dirname;
+	char			**dirname, *dir, *userdir;
 	int			create_resp = -1;
 	int			err, downcall_err = -EACCES;
 
@@ -1006,7 +1023,22 @@ process_krb5_upcall(struct clnt_info *cl
 				service == NULL)) {
 		/* Tell krb5 gss which credentials cache to use */
 		for (dirname = ccachesearch; *dirname != NULL; dirname++) {
-			err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
+			/* See if the user name is needed */
+			if (strncmp(*dirname, GSSD_USER_CRED_DIR, 
+					strlen(GSSD_USER_CRED_DIR)) == 0) {
+				userdir = user_cachedir(*dirname, uid);
+				if (userdir == NULL) 
+					continue;
+				dir = userdir;
+			} else
+				dir = *dirname;
+
+			err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, dir);
+
+			if (userdir) {
+				free(userdir);
+				userdir = NULL;
+			}
 			if (err == -EKEYEXPIRED)
 				downcall_err = -EKEYEXPIRED;
 			else if (!err)
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.