Call out to create_auth_rpc_client() early in the krb5 upcall.

author: Günther Deschner <gdeschner@redhat.com> 2013-02-15 19:19:14 +0100
committer: Günther Deschner <gd@samba.org> 2013-03-22 19:28:33 +0100
commit: 38b804aa6f075f5abb08c8aafd9430c2d22441e2 (patch)
tree: 037a1051bc8e8069a2cc0f691dca3eed17ca0242
parent: a3604b7760f0391e2c026f2fee61753221bd5858 (diff)
download: nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.tar.gz
nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.tar.xz
nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e2ff482..f93fdbc 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1130,6 +1130,14 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 	 */
 	printerr(2, "%s: service is '%s'\n", __func__,
 		 service ? service : "<null>");
+
+	printerr(2, "FIXME: trying preaquire creds first\n");
+	create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+					     AUTHTYPE_KRB5, 1);
+	if (create_resp == 0) {
+		goto auth_data;
+	}
+
 	if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0 &&
 				service == NULL)) {
 		/* Tell krb5 gss which credentials cache to use */
@@ -1198,6 +1206,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			goto out_return_error;
 		}
 	}
+ auth_data:
 
 	if (!authgss_get_private_data(auth, &pd)) {
 		printerr(1, "WARNING: Failed to obtain authentication "
author	Günther Deschner <gdeschner@redhat.com>	2013-02-15 19:19:14 +0100
committer	Günther Deschner <gd@samba.org>	2013-03-22 19:28:33 +0100
commit	38b804aa6f075f5abb08c8aafd9430c2d22441e2 (patch)
tree	037a1051bc8e8069a2cc0f691dca3eed17ca0242
parent	a3604b7760f0391e2c026f2fee61753221bd5858 (diff)
download	nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.tar.gz nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.tar.xz nfs-utils-38b804aa6f075f5abb08c8aafd9430c2d22441e2.zip