diff options
author | Simo Sorce <simo@redhat.com> | 2014-01-15 16:01:49 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-01-17 11:51:10 -0500 |
commit | 1c3089d57036f276976273a01d03d3cea6eab0bb (patch) | |
tree | 21992c926cdc2a5c888794b2140518a4f11f625b | |
parent | 35640883cf34a32f893e9fecefbb193782e9bc75 (diff) | |
download | nfs-utils-1c3089d57036f276976273a01d03d3cea6eab0bb.tar.gz nfs-utils-1c3089d57036f276976273a01d03d3cea6eab0bb.tar.xz nfs-utils-1c3089d57036f276976273a01d03d3cea6eab0bb.zip |
Improve first attempt at acquiring GSS credentials
Since now rpc.gssd is swithing uid before attempting to acquire
credentials, we do not need to pass in the special uid-as-a-string name
to gssapi, because the process is already running under the user's
credentials.
By removing this code we can fix a class of false negatives where the
user name does not match the actual ccache credentials and the ccache
type used is not one of the only 2 supported explicitly by rpc.gssd by the
fallback trolling done later.
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | utils/gssd/krb5_util.c | 24 |
1 files changed, 2 insertions, 22 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 697d1d2..230b909 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -1381,29 +1381,10 @@ gssd_acquire_krb5_cred(gss_name_t name, gss_cred_id_t *gss_cred) int gssd_acquire_user_cred(uid_t uid, gss_cred_id_t *gss_cred) { - OM_uint32 maj_stat, min_stat; - gss_buffer_desc name_buf; - gss_name_t name; - char buf[11]; + OM_uint32 min_stat; int ret; - ret = snprintf(buf, 11, "%u", uid); - if (ret < 1 || ret > 10) { - return -1; - } - name_buf.value = buf; - name_buf.length = ret + 1; - - maj_stat = gss_import_name(&min_stat, &name_buf, - GSS_C_NT_STRING_UID_NAME, &name); - if (maj_stat != GSS_S_COMPLETE) { - if (get_verbosity() > 0) - pgsserr("gss_import_name", - maj_stat, min_stat, &krb5oid); - return -1; - } - - ret = gssd_acquire_krb5_cred(name, gss_cred); + ret = gssd_acquire_krb5_cred(GSS_C_NO_NAME, gss_cred); /* force validation of cred to check for expiry */ if (ret == 0) { @@ -1412,7 +1393,6 @@ gssd_acquire_user_cred(uid_t uid, gss_cred_id_t *gss_cred) ret = -1; } - maj_stat = gss_release_name(&min_stat, &name); return ret; } |