From 31004a5a3b8b4a2d8bf285040e957cf203e8fe37 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 1 Apr 2013 14:55:43 -0400
Subject: Special case client_keytab for root user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use /etc/krb5.keytab when nfsd service tries to acquire creds and no id is specified in desired_name.
Signed-off-by: Simo Sorce
Reviewed-by: Günther Deschner
---
 proxy/src/gp_creds.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 162caf6..35d66af 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -193,6 +193,7 @@ static int gp_get_cred_environment(struct gp_service *svc,
 char *ccache = NULL;
 char *client_keytab = NULL;
 char *keytab = NULL;
+ bool user_requested = false;
 int ret = 0;
 target_uid = svc->euid;
@@ -204,6 +205,7 @@ static int gp_get_cred_environment(struct gp_service *svc,
 (gss_oid_equal(&name_type, GSS_C_NT_STRING_UID_NAME) ||
 gss_oid_equal(&name_type, GSS_C_NT_MACHINE_UID_NAME))) {
 target_uid = atol(desired_name->display_name.octet_string_val);
+ user_requested = true;
 } else {
 ret_maj = gp_conv_gssx_to_name(&ret_min, desired_name, &name);
 if (ret_maj) {
@@ -225,11 +227,14 @@ static int gp_get_cred_environment(struct gp_service *svc,
 goto done;
 }
- if (svc->krb5.client_keytab == NULL) {
- fmtstr = DEFAULT_CLIENT_KEYTAB;
+ if ((target_uid == 0) && (!user_requested)) {
+ fmtstr = svc->krb5.keytab;
 } else {
 fmtstr = svc->krb5.client_keytab;
 }
+ if (fmtstr == NULL) {
+ fmtstr = DEFAULT_CLIENT_KEYTAB;
+ }
 client_keytab = get_formatted_string(fmtstr, target_uid);
 if (!client_keytab) {
 GPDEBUG("Failed to construct client_keytab string.\n");
-- cgit
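Review bot: The added test `(target_uid == 0) && (!user_requested)` in the last hunk hands `svc->krb5.keytab` to every service whose `svc->euid` is 0, while the commit message scopes the change to nfsd; nothing in the visible lines checks which service is asking. `user_requested` is set only in the UID-name branch of the second hunk, so a root-run service that passes a non-UID `desired_name` (the `gp_conv_gssx_to_name` path) would, as far as the hunks show, still take the special case and be pointed at the service keytab. If that is intended, document it above the branch, e.g. `/* euid 0 and no uid in desired_name: use the service keytab as client keytab */`; otherwise the named-principal path needs its own guard. Also, when `svc->krb5.keytab` is NULL the root case falls back to `DEFAULT_CLIENT_KEYTAB`, which may not be the `/etc/krb5.keytab` the message promises. The function body begins and ends outside these hunks.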