GSSD: clean up machine credentials

Since we no longer fork for uid 0, gssd_atexit()
is only called when uid != 0, and fails as permissions
on the /tmp/krb5ccmachine_REALM file prohibit the
clean up of machine credentials (as it should).

Move the reaping of machine credentials back into a
SIGINT sighandler so that <Ctrl-C> destroyes
machine credentials.

Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1 files changed, 5 insertions, 6 deletions

diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 2a768ea..e480349 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -729,10 +729,12 @@ found:
 }
 
 static void
-gssd_atexit(void)
+sig_die(int signal)
 {
 	if (root_uses_machine_creds)
 		gssd_destroy_krb5_machine_creds();
+	printerr(1, "exiting on signal %d\n", signal);
+	exit(0);
 }
 
 static void
@@ -892,17 +894,14 @@ main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (atexit(gssd_atexit)) {
-		printerr(1, "ERROR: atexit failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-
 	inotify_fd = inotify_init1(IN_NONBLOCK);
 	if (inotify_fd == -1) {
 		printerr(1, "ERROR: inotify_init1 failed: %s\n", strerror(errno));
 		exit(EXIT_FAILURE);
 	}
 
+	signal(SIGINT, sig_die);
+	signal(SIGTERM, sig_die);
 	signal_set(&sighup_ev, SIGHUP, gssd_scan_cb, NULL);
 	signal_add(&sighup_ev, NULL);
 	event_set(&inotify_ev, inotify_fd, EV_READ | EV_PERSIST, gssd_inotify_cb, NULL);