* [PATCH 1/2] scan for DIR: ccaches, too
@ 2012-08-21 20:51 Nalin Dahyabhai
2012-08-23 16:34 ` Steve Dickson
0 siblings, 1 reply; 2+ messages in thread
From: Nalin Dahyabhai @ 2012-08-21 20:51 UTC (permalink / raw)
To: linux-nfs
In addition to matching "FILE:krb5cc_*" in the specified directory or
directories, also match "DIR:krb5cc*", if we find subdirectories with
names that match the search pattern.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
utils/gssd/gssd.h | 2 +-
utils/gssd/krb5_util.c | 50 ++++++++++++++++++++++++++++++++------------------
2 files changed, 33 insertions(+), 19 deletions(-)
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index 71a140b..1d923d7 100644
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -46,7 +46,7 @@
#define GSSD_DEFAULT_CRED_DIR "/tmp"
#define GSSD_USER_CRED_DIR "/run/user"
-#define GSSD_DEFAULT_CRED_PREFIX "krb5cc_"
+#define GSSD_DEFAULT_CRED_PREFIX "krb5cc"
#define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine"
#define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab"
#define GSSD_SERVICE_NAME "nfs"
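Review bot: Dropping the trailing underscore from `GSSD_DEFAULT_CRED_PREFIX` changes every name built from this macro, not only the directory scan. If the machine credential cache name is composed elsewhere from `GSSD_DEFAULT_CRED_PREFIX` and `GSSD_DEFAULT_MACHINE_CRED_SUFFIX` (that code is not part of this patch), the name would no longer contain `_machine_`. The `strstr(namelist[i]->d_name, "_machine_")` test that keeps root from picking up machine credentials would then stop matching. Going by the commit message, the scan would also consider any entry whose name merely starts with `krb5cc`. Keeping `"krb5cc_"` here and adding a separate constant for the directory form, for example `#define GSSD_DEFAULT_CRED_DIR_PREFIX "krb5cc"`, would avoid both effects.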
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 887d118..2389276 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -139,7 +139,7 @@ int limit_to_legacy_enctypes = 0;
static int select_krb5_ccache(const struct dirent *d);
static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
- struct dirent **d);
+ const char **cctype, struct dirent **d);
static int gssd_get_single_krb5_cred(krb5_context context,
krb5_keytab kt, struct gssd_k5_kt_princ *ple, int nocache);
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
@@ -178,7 +178,8 @@ select_krb5_ccache(const struct dirent *d)
* code otherwise.
*/
static int
-gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
+gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
+ const char **cctype, struct dirent **d)
{
struct dirent **namelist;
int n;
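Review bot: The comment block above `gssd_find_existing_krb5_ccache`, which ends at `code otherwise.` and starts outside this hunk, is not updated for the new `cctype` out-parameter. It should state what `*cctype` holds on success and on failure, and that it points to a string literal the caller must not free. One line such as `* On success *cctype names the cache type ("FILE" or "DIR") of the entry returned in *d.` would be enough.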
@@ -192,6 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
int score, best_match_score = 0, err = -EACCES;
memset(&best_match_stat, 0, sizeof(best_match_stat));
+ *cctype = NULL;
*d = NULL;
n = scandir(dirname, &namelist, select_krb5_ccache, 0);
if (n < 0) {
@@ -203,41 +205,51 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
for (i = 0; i < n; i++) {
snprintf(statname, sizeof(statname),
"%s/%s", dirname, namelist[i]->d_name);
- printerr(3, "CC file '%s' being considered, "
+ printerr(3, "CC '%s' being considered, "
"with preferred realm '%s'\n",
statname, preferred_realm ?
preferred_realm : "<none selected>");
- snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname,
- namelist[i]->d_name);
if (lstat(statname, &tmp_stat)) {
- printerr(0, "Error doing stat on file '%s'\n",
+ printerr(0, "Error doing stat on '%s'\n",
statname);
free(namelist[i]);
continue;
}
/* Only pick caches owned by the user (uid) */
if (tmp_stat.st_uid != uid) {
- printerr(3, "CC file '%s' owned by %u, not %u\n",
+ printerr(3, "CC '%s' owned by %u, not %u\n",
statname, tmp_stat.st_uid, uid);
free(namelist[i]);
continue;
}
- if (!S_ISREG(tmp_stat.st_mode)) {
- printerr(3, "CC file '%s' is not a regular file\n",
+ if (!S_ISREG(tmp_stat.st_mode) &&
+ !S_ISDIR(tmp_stat.st_mode)) {
+ printerr(3, "CC '%s' is not a regular "
+ "file or directory\n",
statname);
free(namelist[i]);
continue;
}
if (uid == 0 && !root_uses_machine_creds &&
strstr(namelist[i]->d_name, "_machine_")) {
- printerr(3, "CC file '%s' not available to root\n",
+ printerr(3, "CC '%s' not available to root\n",
statname);
free(namelist[i]);
continue;
}
+ if (S_ISDIR(tmp_stat.st_mode)) {
+ *cctype = "DIR";
+ } else
+ if (S_ISREG(tmp_stat.st_mode)) {
+ *cctype = "FILE";
+ } else {
+ continue;
+ }
+ snprintf(buf, sizeof(buf), "%s:%s/%s", *cctype,
+ dirname, namelist[i]->d_name);
if (!query_krb5_ccache(buf, &princname, &realm)) {
- printerr(3, "CC file '%s' is expired or corrupt\n",
- statname);
+ printerr(3, "CC '%s' is expired or corrupt\n",
+ buf);
free(namelist[i]);
err = -EKEYEXPIRED;
continue;
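Review bot: `*cctype` is overwritten for every directory entry that reaches the type test, before `query_krb5_ccache` and the scoring run, so on return it describes the last entry examined rather than the entry stored in `*d`. When a FILE cache is the best match and a later DIR entry is expired or scores lower, the caller would build a `DIR:` name for a regular file, or the reverse. Keep the type in a local, `const char *type = S_ISDIR(tmp_stat.st_mode) ? "DIR" : "FILE";`, use it for `buf`, and assign `*cctype = type;` only where `best_match_dir` is updated, which is outside this hunk. The trailing `else { continue; }` is unreachable after the earlier S_ISREG/S_ISDIR rejection and, unlike the other skip paths, would not `free(namelist[i])`.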
@@ -248,9 +260,9 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
strcmp(realm, preferred_realm) == 0)
score++;
- printerr(3, "CC file '%s'(%s@%s) passed all checks and"
+ printerr(3, "CC '%s'(%s@%s) passed all checks and"
" has mtime of %u\n",
- statname, princname, realm,
+ buf, princname, realm,
tmp_stat.st_mtime);
/*
* if more than one match is found, return the most
@@ -284,10 +296,11 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
else {
free(namelist[i]);
}
- printerr(3, "CC file '%s/%s' is our "
+ printerr(3, "CC '%s:%s/%s' is our "
"current best match "
"with mtime of %u\n",
- dirname, best_match_dir->d_name,
+ cctype, dirname,
+ best_match_dir->d_name,
best_match_stat.st_mtime);
}
free(princname);
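Review bot: `cctype` in this function is a `const char **`, but it is passed to `printerr` for the first `%s` of `"CC '%s:%s/%s' is our "`; the argument should be `*cctype`. As written the format receives a pointer to a pointer, which is undefined behaviour for `%s` and at best logs garbage at verbosity 3. The enclosing best-match branch starts outside the hunk.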
@@ -1026,17 +1039,18 @@ int
gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
{
char buf[MAX_NETOBJ_SZ];
+ const char *cctype;
struct dirent *d;
int err;
printerr(2, "getting credentials for client with uid %u for "
"server %s\n", uid, servername);
memset(buf, 0, sizeof(buf));
- err = gssd_find_existing_krb5_ccache(uid, dirname, &d);
+ err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d);
if (err)
return err;
- snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name);
+ snprintf(buf, sizeof(buf), "%s:%s/%s", cctype, dirname, d->d_name);
free(d);
printerr(2, "using %s as credentials cache for client with "
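Review bot: For a `DIR:` cache the only checks behind the name built by this `snprintf` are the `lstat` ownership and type tests on the directory entry itself; nothing visible in the patch examines the files inside that directory. The default search directory is `/tmp` and the directory belongs to the user, so its contents stay under that user's control while gssd opens them, presumably through libkrb5 with gssd's own privileges. It would be worth confirming whether the files inside a `DIR:` collection must be regular files owned by `uid`, as the FILE path requires of the cache file, and recording the answer in a comment next to this `snprintf`. The `snprintf` return value is also unchecked, so an over-long `dirname` would silently yield a truncated cache name. The function body continues outside the hunk.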
--
1.7.11.5
* Re: [PATCH 1/2] scan for DIR: ccaches, too
2012-08-21 20:51 [PATCH 1/2] scan for DIR: ccaches, too Nalin Dahyabhai
@ 2012-08-23 16:34 ` Steve Dickson
0 siblings, 0 replies; 2+ messages in thread
From: Steve Dickson @ 2012-08-23 16:34 UTC (permalink / raw)
To: Nalin Dahyabhai; +Cc: linux-nfs
On 08/21/2012 04:51 PM, Nalin Dahyabhai wrote:
> In addition to matching "FILE:krb5cc_*" in the specified directory or
> directories, also match "DIR:krb5cc*", if we find subdirectories with
> names that match the search pattern.
>
> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Committed...
steved.
> ---
> utils/gssd/gssd.h | 2 +-
> utils/gssd/krb5_util.c | 50 ++++++++++++++++++++++++++++++++------------------
> 2 files changed, 33 insertions(+), 19 deletions(-)
>
> diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
> index 71a140b..1d923d7 100644
> --- a/utils/gssd/gssd.h
> +++ b/utils/gssd/gssd.h
> @@ -46,7 +46,7 @@
>
> #define GSSD_DEFAULT_CRED_DIR "/tmp"
> #define GSSD_USER_CRED_DIR "/run/user"
> -#define GSSD_DEFAULT_CRED_PREFIX "krb5cc_"
> +#define GSSD_DEFAULT_CRED_PREFIX "krb5cc"
> #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine"
> #define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab"
> #define GSSD_SERVICE_NAME "nfs"
> diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
> index 887d118..2389276 100644
> --- a/utils/gssd/krb5_util.c
> +++ b/utils/gssd/krb5_util.c
> @@ -139,7 +139,7 @@ int limit_to_legacy_enctypes = 0;
>
> static int select_krb5_ccache(const struct dirent *d);
> static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
> - struct dirent **d);
> + const char **cctype, struct dirent **d);
> static int gssd_get_single_krb5_cred(krb5_context context,
> krb5_keytab kt, struct gssd_k5_kt_princ *ple, int nocache);
> static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
> @@ -178,7 +178,8 @@ select_krb5_ccache(const struct dirent *d)
> * code otherwise.
> */
> static int
> -gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
> +gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
> + const char **cctype, struct dirent **d)
> {
> struct dirent **namelist;
> int n;
> @@ -192,6 +193,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
> int score, best_match_score = 0, err = -EACCES;
>
> memset(&best_match_stat, 0, sizeof(best_match_stat));
> + *cctype = NULL;
> *d = NULL;
> n = scandir(dirname, &namelist, select_krb5_ccache, 0);
> if (n < 0) {
> @@ -203,41 +205,51 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
> for (i = 0; i < n; i++) {
> snprintf(statname, sizeof(statname),
> "%s/%s", dirname, namelist[i]->d_name);
> - printerr(3, "CC file '%s' being considered, "
> + printerr(3, "CC '%s' being considered, "
> "with preferred realm '%s'\n",
> statname, preferred_realm ?
> preferred_realm : "<none selected>");
> - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname,
> - namelist[i]->d_name);
> if (lstat(statname, &tmp_stat)) {
> - printerr(0, "Error doing stat on file '%s'\n",
> + printerr(0, "Error doing stat on '%s'\n",
> statname);
> free(namelist[i]);
> continue;
> }
> /* Only pick caches owned by the user (uid) */
> if (tmp_stat.st_uid != uid) {
> - printerr(3, "CC file '%s' owned by %u, not %u\n",
> + printerr(3, "CC '%s' owned by %u, not %u\n",
> statname, tmp_stat.st_uid, uid);
> free(namelist[i]);
> continue;
> }
> - if (!S_ISREG(tmp_stat.st_mode)) {
> - printerr(3, "CC file '%s' is not a regular file\n",
> + if (!S_ISREG(tmp_stat.st_mode) &&
> + !S_ISDIR(tmp_stat.st_mode)) {
> + printerr(3, "CC '%s' is not a regular "
> + "file or directory\n",
> statname);
> free(namelist[i]);
> continue;
> }
> if (uid == 0 && !root_uses_machine_creds &&
> strstr(namelist[i]->d_name, "_machine_")) {
> - printerr(3, "CC file '%s' not available to root\n",
> + printerr(3, "CC '%s' not available to root\n",
> statname);
> free(namelist[i]);
> continue;
> }
> + if (S_ISDIR(tmp_stat.st_mode)) {
> + *cctype = "DIR";
> + } else
> + if (S_ISREG(tmp_stat.st_mode)) {
> + *cctype = "FILE";
> + } else {
> + continue;
> + }
> + snprintf(buf, sizeof(buf), "%s:%s/%s", *cctype,
> + dirname, namelist[i]->d_name);
> if (!query_krb5_ccache(buf, &princname, &realm)) {
> - printerr(3, "CC file '%s' is expired or corrupt\n",
> - statname);
> + printerr(3, "CC '%s' is expired or corrupt\n",
> + buf);
> free(namelist[i]);
> err = -EKEYEXPIRED;
> continue;
> @@ -248,9 +260,9 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
> strcmp(realm, preferred_realm) == 0)
> score++;
>
> - printerr(3, "CC file '%s'(%s@%s) passed all checks and"
> + printerr(3, "CC '%s'(%s@%s) passed all checks and"
> " has mtime of %u\n",
> - statname, princname, realm,
> + buf, princname, realm,
> tmp_stat.st_mtime);
> /*
> * if more than one match is found, return the most
> @@ -284,10 +296,11 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
> else {
> free(namelist[i]);
> }
> - printerr(3, "CC file '%s/%s' is our "
> + printerr(3, "CC '%s:%s/%s' is our "
> "current best match "
> "with mtime of %u\n",
> - dirname, best_match_dir->d_name,
> + cctype, dirname,
> + best_match_dir->d_name,
> best_match_stat.st_mtime);
> }
> free(princname);
> @@ -1026,17 +1039,18 @@ int
> gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
> {
> char buf[MAX_NETOBJ_SZ];
> + const char *cctype;
> struct dirent *d;
> int err;
>
> printerr(2, "getting credentials for client with uid %u for "
> "server %s\n", uid, servername);
> memset(buf, 0, sizeof(buf));
> - err = gssd_find_existing_krb5_ccache(uid, dirname, &d);
> + err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d);
> if (err)
> return err;
>
> - snprintf(buf, sizeof(buf), "FILE:%s/%s", dirname, d->d_name);
> + snprintf(buf, sizeof(buf), "%s:%s/%s", cctype, dirname, d->d_name);
> free(d);
>
> printerr(2, "using %s as credentials cache for client with "