| Message ID | 20120821205137.GD9511@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/21/2012 04:51 PM, Nalin Dahyabhai wrote: > In addition to matching "FILE:krb5cc_*" in the specified directory or > directories, also match "DIR:krb5cc*", if we find subdirectories with > names that match the search pattern. > > Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Committed... steved. > --- > utils/gssd/gssd.h | 2 +- > utils/gssd/krb5_util.c | 50 ++++++++++++++++++++++++++++++++------------------ > 2 files changed, 33 insertions(+), 19 deletions(-) > > diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h > index 71a140b..1d923d7 100644 > --- a/utils/gssd/gssd.h > +++ b/utils/gssd/gssd.h > @@ -46,7 +46,7 @@ > > #define GSSD_DEFAULT_CRED_DIR "/tmp" > #define GSSD_USER_CRED_DIR "/run/user" > -#define GSSD_DEFAULT_CRED_PREFIX "krb5cc_" > +#define GSSD_DEFAULT_CRED_PREFIX "krb5cc" > #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine" > #define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab" > #define GSSD_SERVICE_NAME "nfs" > diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c > index 887d118..2389276 100644 > --- a/utils/gssd/krb5_util.c > +++ b/utils/gssd/krb5_util.c > @@ -139,7 +139,7 @@ int limit_to_legacy_enctypes = 0; > > static int select_krb5_ccache(const struct dirent *d); > static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, > - struct dirent **d); > + const char **cctype, struct dirent **d); > static int gssd_get_single_krb5_cred(krb5_context context, > krb5_keytab kt, struct gssd_k5_kt_princ *ple, int nocache); > static int query_krb5_ccache(const char* cred_cache, char **ret_princname, > @@ -178,7 +178,8 @@ select_krb5_ccache(const struct dirent *d) > * code otherwise. > */ > static int > -gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) > +gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, > + const char **cctype, struct dirent **d) > { > struct dirent **namelist; > int n; > @@ -192,6 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) > int score, best_match_score = 0, err = -EACCES; > > memset(&best_match_stat, 0, sizeof(best_match_stat)); > + *cctype = NULL; > *d = NULL; > n = scandir(dirname, &namelist, select_krb5_ccache, 0); > if (n < 0) { > @@ -203,41 +205,51 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) > for (i = 0; i < n; i++) { > snprintf(statname, sizeof(statname), > "%s/%s", dirname, namelist[i]->d_name); > - printerr(3, "CC file '%s' being considered, " > + printerr(3, "CC '%s' being considered, " > "with preferred realm '%s'\n", > statname, preferred_realm ? > preferred_realm : "<none selected>"); > - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, > - namelist[i]->d_name); > if (lstat(statname, &tmp_stat)) { > - printerr(0, "Error doing stat on file '%s'\n", > + printerr(0, "Error doing stat on '%s'\n", > statname); > free(namelist[i]); > continue; > } > /* Only pick caches owned by the user (uid) */ > if (tmp_stat.st_uid != uid) { > - printerr(3, "CC file '%s' owned by %u, not %u\n", > + printerr(3, "CC '%s' owned by %u, not %u\n", > statname, tmp_stat.st_uid, uid); > free(namelist[i]); > continue; > } > - if (!S_ISREG(tmp_stat.st_mode)) { > - printerr(3, "CC file '%s' is not a regular file\n", > + if (!S_ISREG(tmp_stat.st_mode) && > + !S_ISDIR(tmp_stat.st_mode)) { > + printerr(3, "CC '%s' is not a regular " > + "file or directory\n", > statname); > free(namelist[i]); > continue; > } > if (uid == 0 && !root_uses_machine_creds && > strstr(namelist[i]->d_name, "_machine_")) { > - printerr(3, "CC file '%s' not available to root\n", > + printerr(3, "CC '%s' not available to root\n", > statname); > free(namelist[i]); > continue; > } > + if (S_ISDIR(tmp_stat.st_mode)) { > + *cctype = "DIR"; > + } else > + if (S_ISREG(tmp_stat.st_mode)) { > + *cctype = "FILE"; > + } else { > + continue; > + } > + snprintf(buf, sizeof(buf), "%s:%s/%s", *cctype, > + dirname, namelist[i]->d_name); > if (!query_krb5_ccache(buf, &princname, &realm)) { > - printerr(3, "CC file '%s' is expired or corrupt\n", > - statname); > + printerr(3, "CC '%s' is expired or corrupt\n", > + buf); > free(namelist[i]); > err = -EKEYEXPIRED; > continue; > @@ -248,9 +260,9 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) > strcmp(realm, preferred_realm) == 0) > score++; > > - printerr(3, "CC file '%s'(%s@%s) passed all checks and" > + printerr(3, "CC '%s'(%s@%s) passed all checks and" > " has mtime of %u\n", > - statname, princname, realm, > + buf, princname, realm, > tmp_stat.st_mtime); > /* > * if more than one match is found, return the most > @@ -284,10 +296,11 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) > else { > free(namelist[i]); > } > - printerr(3, "CC file '%s/%s' is our " > + printerr(3, "CC '%s:%s/%s' is our " > "current best match " > "with mtime of %u\n", > - dirname, best_match_dir->d_name, > + cctype, dirname, > + best_match_dir->d_name, > best_match_stat.st_mtime); > } > free(princname); > @@ -1026,17 +1039,18 @@ int > gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname) > { > char buf[MAX_NETOBJ_SZ]; > + const char *cctype; > struct dirent *d; > int err; > > printerr(2, "getting credentials for client with uid %u for " > "server %s\n", uid, servername); > memset(buf, 0, sizeof(buf)); > - err = gssd_find_existing_krb5_ccache(uid, dirname, &d); > + err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d); > if (err) > return err; > > - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name); > + snprintf(buf, sizeof(buf), "%s:%s/%s", cctype, dirname, d->d_name); > free(d); > > printerr(2, "using %s as credentials cache for client with " -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h index 71a140b..1d923d7 100644 --- a/utils/gssd/gssd.h +++ b/utils/gssd/gssd.h @@ -46,7 +46,7 @@ #define GSSD_DEFAULT_CRED_DIR "/tmp" #define GSSD_USER_CRED_DIR "/run/user" -#define GSSD_DEFAULT_CRED_PREFIX "krb5cc_" +#define GSSD_DEFAULT_CRED_PREFIX "krb5cc" #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine" #define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab" #define GSSD_SERVICE_NAME "nfs" diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 887d118..2389276 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -139,7 +139,7 @@ int limit_to_legacy_enctypes = 0; static int select_krb5_ccache(const struct dirent *d); static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, - struct dirent **d); + const char **cctype, struct dirent **d); static int gssd_get_single_krb5_cred(krb5_context context, krb5_keytab kt, struct gssd_k5_kt_princ *ple, int nocache); static int query_krb5_ccache(const char* cred_cache, char **ret_princname, @@ -178,7 +178,8 @@ select_krb5_ccache(const struct dirent *d) * code otherwise. */ static int -gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) +gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, + const char **cctype, struct dirent **d) { struct dirent **namelist; int n; @@ -192,6 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) int score, best_match_score = 0, err = -EACCES; memset(&best_match_stat, 0, sizeof(best_match_stat)); + *cctype = NULL; *d = NULL; n = scandir(dirname, &namelist, select_krb5_ccache, 0); if (n < 0) { @@ -203,41 +205,51 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) for (i = 0; i < n; i++) { snprintf(statname, sizeof(statname), "%s/%s", dirname, namelist[i]->d_name); - printerr(3, "CC file '%s' being considered, " + printerr(3, "CC '%s' being considered, " "with preferred realm '%s'\n", statname, preferred_realm ? preferred_realm : "<none selected>"); - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, - namelist[i]->d_name); if (lstat(statname, &tmp_stat)) { - printerr(0, "Error doing stat on file '%s'\n", + printerr(0, "Error doing stat on '%s'\n", statname); free(namelist[i]); continue; } /* Only pick caches owned by the user (uid) */ if (tmp_stat.st_uid != uid) { - printerr(3, "CC file '%s' owned by %u, not %u\n", + printerr(3, "CC '%s' owned by %u, not %u\n", statname, tmp_stat.st_uid, uid); free(namelist[i]); continue; } - if (!S_ISREG(tmp_stat.st_mode)) { - printerr(3, "CC file '%s' is not a regular file\n", + if (!S_ISREG(tmp_stat.st_mode) && + !S_ISDIR(tmp_stat.st_mode)) { + printerr(3, "CC '%s' is not a regular " + "file or directory\n", statname); free(namelist[i]); continue; } if (uid == 0 && !root_uses_machine_creds && strstr(namelist[i]->d_name, "_machine_")) { - printerr(3, "CC file '%s' not available to root\n", + printerr(3, "CC '%s' not available to root\n", statname); free(namelist[i]); continue; } + if (S_ISDIR(tmp_stat.st_mode)) { + *cctype = "DIR"; + } else + if (S_ISREG(tmp_stat.st_mode)) { + *cctype = "FILE"; + } else { + continue; + } + snprintf(buf, sizeof(buf), "%s:%s/%s", *cctype, + dirname, namelist[i]->d_name); if (!query_krb5_ccache(buf, &princname, &realm)) { - printerr(3, "CC file '%s' is expired or corrupt\n", - statname); + printerr(3, "CC '%s' is expired or corrupt\n", + buf); free(namelist[i]); err = -EKEYEXPIRED; continue; @@ -248,9 +260,9 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) strcmp(realm, preferred_realm) == 0) score++; - printerr(3, "CC file '%s'(%s@%s) passed all checks and" + printerr(3, "CC '%s'(%s@%s) passed all checks and" " has mtime of %u\n", - statname, princname, realm, + buf, princname, realm, tmp_stat.st_mtime); /* * if more than one match is found, return the most @@ -284,10 +296,11 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) else { free(namelist[i]); } - printerr(3, "CC file '%s/%s' is our " + printerr(3, "CC '%s:%s/%s' is our " "current best match " "with mtime of %u\n", - dirname, best_match_dir->d_name, + cctype, dirname, + best_match_dir->d_name, best_match_stat.st_mtime); } free(princname); @@ -1026,17 +1039,18 @@ int gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname) { char buf[MAX_NETOBJ_SZ]; + const char *cctype; struct dirent *d; int err; printerr(2, "getting credentials for client with uid %u for " "server %s\n", uid, servername); memset(buf, 0, sizeof(buf)); - err = gssd_find_existing_krb5_ccache(uid, dirname, &d); + err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d); if (err) return err; - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name); + snprintf(buf, sizeof(buf), "%s:%s/%s", cctype, dirname, d->d_name); free(d); printerr(2, "using %s as credentials cache for client with "
In addition to matching "FILE:krb5cc_*" in the specified directory or directories, also match "DIR:krb5cc*", if we find subdirectories with names that match the search pattern. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> --- utils/gssd/gssd.h | 2 +- utils/gssd/krb5_util.c | 50 ++++++++++++++++++++++++++++++++------------------ 2 files changed, 33 insertions(+), 19 deletions(-)