authorGünther Deschner <gdeschner@redhat.com>2013-02-15 19:18:20 +0100
committerGünther Deschner <gd@samba.org>2013-03-22 19:28:33 +0100
commita3604b7760f0391e2c026f2fee61753221bd5858 (patch)
tree998a02acc72af5207981e223c8144b666c4b7b28
parent5978b221c7d91ac04954ecc39d8ab89a5c3d0b3e (diff)
Allow to call pre_aquire_credential from create_auth_rpc_client().
-rw-r--r--utils/gssd/gssd_proc.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 016495b..e2ff482 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -941,7 +941,8 @@ create_auth_rpc_client(struct clnt_info *clp,
CLIENT **clnt_return,
AUTH **auth_return,
uid_t uid,
- int authtype)
+ int authtype,
+ int preaquire_creds)
{
CLIENT *rpc_clnt = NULL;
struct rpc_gss_sec sec;
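Review bot: The new `int preaquire_creds` parameter is an undocumented boolean flag, and both call sites in process_krb5_upcall (the hunks at -1132 and -1160) pass a bare `0`, so nothing at the call tells a reader what is being switched off. I would add a comment above the definition such as `/* preaquire_creds: non-zero acquires the user's GSS credential via pre_aquire_credential() before sec is filled in; ignored when uid is 0 */`. Since every caller in this commit passes 0, the new branch is not exercised here; presumably a later change enables it. The function body continues outside this hunk.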
@@ -954,6 +955,7 @@ create_auth_rpc_client(struct clnt_info *clp,
struct timeval timeout = {5, 0};
struct sockaddr *addr = (struct sockaddr *) &clp->addr;
socklen_t salen;
+ gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
/* Create the context as the user (not as root) */
save_uid = geteuid();
@@ -965,9 +967,14 @@ create_auth_rpc_client(struct clnt_info *clp,
printerr(2, "creating context using fsuid %d (save_uid %d)\n",
uid, save_uid);
+ if (preaquire_creds && (uid != 0)) {
+ cred = pre_aquire_credential(uid);
+ }
+
+
sec.qop = GSS_C_QOP_DEFAULT;
sec.svc = RPCSEC_GSS_SVC_NONE;
- sec.cred = GSS_C_NO_CREDENTIAL;
+ sec.cred = cred;
sec.req_flags = 0;
if (authtype == AUTHTYPE_KRB5) {
sec.mech = (gss_OID)&krb5oid;
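Review bot: The handle returned by `pre_aquire_credential(uid)` is stored in `sec.cred`, but none of the twelve lines this commit adds releases it, so if that helper returns an acquired GSS credential it will leak on every call once a caller passes a non-zero flag. Each exit path of create_auth_rpc_client would need something like `if (cred != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &cred);` (min_stat standing for an OM_uint32 local), placed after the context no longer uses the credential. It is also worth logging when the helper hands back GSS_C_NO_CREDENTIAL, because the code then silently continues with the default credential and the log does not show which identity the context was built with. The helper and the rest of the function are outside the hunk, so this is inferred from the visible lines only.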
@@ -1132,7 +1139,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
downcall_err = -EKEYEXPIRED;
else if (!err)
create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
- AUTHTYPE_KRB5);
+ AUTHTYPE_KRB5, 0);
if (create_resp == 0)
break;
}
@@ -1160,7 +1167,8 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
gssd_setup_krb5_machine_gss_ccache(*ccname);
if ((create_auth_rpc_client(clp, &rpc_clnt,
&auth, uid,
- AUTHTYPE_KRB5)) == 0) {
+ AUTHTYPE_KRB5,
+ 0)) == 0) {
/* Success! */
success++;
break;