author | Günther Deschner <gdeschner@redhat.com> | 2013-02-15 19:18:20 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2013-03-22 19:28:33 +0100 |
commit | a3604b7760f0391e2c026f2fee61753221bd5858 (patch) | |
tree | 998a02acc72af5207981e223c8144b666c4b7b28 | |
parent | 5978b221c7d91ac04954ecc39d8ab89a5c3d0b3e (diff) | |
Allow to call pre_aquire_credential from create_auth_rpc_client().
-rw-r--r-- | utils/gssd/gssd_proc.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 016495b..e2ff482 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -941,7 +941,8 @@ create_auth_rpc_client(struct clnt_info *clp, CLIENT **clnt_return, AUTH **auth_return, uid_t uid, - int authtype) + int authtype, + int preaquire_creds) { CLIENT *rpc_clnt = NULL; struct rpc_gss_sec sec; @@ -954,6 +955,7 @@ create_auth_rpc_client(struct clnt_info *clp, struct timeval timeout = {5, 0}; struct sockaddr *addr = (struct sockaddr *) &clp->addr; socklen_t salen; + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; /* Create the context as the user (not as root) */ save_uid = geteuid(); @@ -965,9 +967,14 @@ create_auth_rpc_client(struct clnt_info *clp, printerr(2, "creating context using fsuid %d (save_uid %d)\n", uid, save_uid); + if (preaquire_creds && (uid != 0)) { + cred = pre_aquire_credential(uid); + } + + sec.qop = GSS_C_QOP_DEFAULT; sec.svc = RPCSEC_GSS_SVC_NONE; - sec.cred = GSS_C_NO_CREDENTIAL; + sec.cred = cred; sec.req_flags = 0; if (authtype == AUTHTYPE_KRB5) { sec.mech = (gss_OID)&krb5oid; @@ -1132,7 +1139,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, downcall_err = -EKEYEXPIRED; else if (!err) create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, - AUTHTYPE_KRB5); + AUTHTYPE_KRB5, 0); if (create_resp == 0) break; } @@ -1160,7 +1167,8 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, gssd_setup_krb5_machine_gss_ccache(*ccname); if ((create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, - AUTHTYPE_KRB5)) == 0) { + AUTHTYPE_KRB5, + 0)) == 0) { /* Success! */ success++; break; |
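Review bot: The new `preaquire_creds` parameter added to create_auth_rpc_client() in the first hunk is an undocumented `int` used as a boolean, and both callers in process_krb5_upcall (fourth and fifth hunks) pass a bare `0`, so nothing visible in this diff reaches the new branch. Because the flag decides which GSS credential the context is built with, it deserves a comment above the function such as `/* preaquire_creds: non-zero to acquire the credential for uid up front instead of passing GSS_C_NO_CREDENTIAL (ignored for uid 0) */`. The call sites would also read better with the argument labelled, e.g. `AUTHTYPE_KRB5, 0 /* preaquire_creds */);`. The function's body starts and ends outside these hunks.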
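Review bot: The handle returned by `pre_aquire_credential(uid)` in the third hunk goes straight into `sec.cred` with no check and no visible release. If the helper reports failure by returning GSS_C_NO_CREDENTIAL (its definition is not part of this diff), the context is silently built with the default credential, exactly as before the change. Logging that case, e.g. `if (cred == GSS_C_NO_CREDENTIAL) printerr(1, "WARNING: could not pre-acquire credential for uid %d\n", uid);`, would make the fallback visible. The rest of create_auth_rpc_client() lies outside the hunk, so confirm that every exit path releases a non-empty handle once nothing refers to it any more, e.g. `if (cred != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &cred);` with `min_stat` a local `OM_uint32`. Otherwise a long-running gssd would leak one credential handle per upcall.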