commit 245fad6be5a32866b2cefad55b3e2d50f6b197af
Author: Steve Dickson <steved@redhat.com>
Date:   Thu Mar 22 11:02:46 2012 -0400

    gssd: Look for user creds in user defined directory
    
    The user credential cache currently is kept in /tmp.
    In upcoming Kerberos release that will be moved to
    /run/user/<username>/. This patch enables gssd to
    look in both the old and new caches
    
    Signed-off-by: Steve Dickson <steved@redhat.com>

diff -up nfs-utils-1.2.5/utils/gssd/gssd.c.orig nfs-utils-1.2.5/utils/gssd/gssd.c
--- nfs-utils-1.2.5/utils/gssd/gssd.c.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd.c	2012-03-22 11:12:47.441219000 -0400
@@ -57,7 +57,7 @@
 
 char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR;
 char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
-char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR ":" GSSD_USER_CRED_DIR;
 char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1];
 int  use_memcache = 0;
 int  root_uses_machine_creds = 1;
diff -up nfs-utils-1.2.5/utils/gssd/gssd.h.orig nfs-utils-1.2.5/utils/gssd/gssd.h
--- nfs-utils-1.2.5/utils/gssd/gssd.h.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd.h	2012-03-22 11:12:47.447222000 -0400
@@ -45,6 +45,7 @@
 #define DNOTIFY_SIGNAL		(SIGRTMIN + 3)
 
 #define GSSD_DEFAULT_CRED_DIR			"/tmp"
+#define GSSD_USER_CRED_DIR			"/run/user"
 #define GSSD_DEFAULT_CRED_PREFIX		"krb5cc_"
 #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX	"machine"
 #define GSSD_DEFAULT_KEYTAB_FILE		"/etc/krb5.keytab"
diff -up nfs-utils-1.2.5/utils/gssd/gssd_proc.c.orig nfs-utils-1.2.5/utils/gssd/gssd_proc.c
--- nfs-utils-1.2.5/utils/gssd/gssd_proc.c.orig	2011-09-24 07:55:15.000000000 -0400
+++ nfs-utils-1.2.5/utils/gssd/gssd_proc.c	2012-03-22 11:12:47.455220000 -0400
@@ -949,6 +949,23 @@ int create_auth_rpc_client(struct clnt_i
 	goto out;
 }
 
+static char *
+user_cachedir(char *dirname, uid_t uid)
+{
+	struct passwd *pw;
+	char *ptr;
+
+	if ((pw = getpwuid(uid)) == NULL) {
+		printerr(0, "user_cachedir: Failed to find '%d' uid"
+			    " for cache directory\n");
+		return NULL;
+	}
+	ptr = malloc(strlen(dirname)+strlen(pw->pw_name)+2);
+	if (ptr)
+		sprintf(ptr, "%s/%s", dirname, pw->pw_name);
+
+	return ptr;
+}
 /*
  * this code uses the userland rpcsec gss library to create a krb5
  * context on behalf of the kernel
@@ -963,7 +980,7 @@ process_krb5_upcall(struct clnt_info *cl
 	gss_buffer_desc		token;
 	char			**credlist = NULL;
 	char			**ccname;
-	char			**dirname;
+	char			**dirname, *dir, *userdir;
 	int			create_resp = -1;
 	int			err, downcall_err = -EACCES;
 
@@ -1006,7 +1023,22 @@ process_krb5_upcall(struct clnt_info *cl
 				service == NULL)) {
 		/* Tell krb5 gss which credentials cache to use */
 		for (dirname = ccachesearch; *dirname != NULL; dirname++) {
-			err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
+			/* See if the user name is needed */
+			if (strncmp(*dirname, GSSD_USER_CRED_DIR, 
+					strlen(GSSD_USER_CRED_DIR)) == 0) {
+				userdir = user_cachedir(*dirname, uid);
+				if (userdir == NULL) 
+					continue;
+				dir = userdir;
+			} else
+				dir = *dirname;
+
+			err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, dir);
+
+			if (userdir) {
+				free(userdir);
+				userdir = NULL;
+			}
 			if (err == -EKEYEXPIRED)
 				downcall_err = -EKEYEXPIRED;
 			else if (!err)