authorKevin Coffman <kwc@citi.umich.edu>2007-03-30 18:32:14 -0400
committerNeil Brown <neilb@suse.de>2007-03-31 09:08:02 +1000
commitffe1a9badb6f247b3314ef570573739d3f91f429 (patch)
tree9d4730d2c17d91f40820892d6d9cd0d68a3bee05 /utils/gssd/krb5_util.c
parent6904f7b7f4f91d52c4bd783e5588e870d32ff021 (diff)
Use newly added keytab functions
Use the new functions added in the previous patch.

Obtain machine credentials in a pre-determined order.

Look for appropriate machine credentials in the following order:
  root/<fqdn>@REALM
  nfs/<fqdn>@REALM
  host/<fqdn>@REALM
  root/<any-name>@REALM
  nfs/<any-name>@REALM
  host/<any-name>@REALM
The first matching credential will be used.

Also, the machine credentials to be used are now determined "on-demand" rather than at gssd startup. This allows keytab additions to be noticed and used without requiring a restart of gssd.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Diffstat (limited to 'utils/gssd/krb5_util.c')
-rw-r--r--utils/gssd/krb5_util.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 20396e0..dee2639 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -358,8 +358,8 @@ gssd_get_single_krb5_cred(krb5_context context,
printerr(0, "WARNING: Using (debug) short machine cred lifetime!\n");
krb5_get_init_creds_opt_set_tkt_life(&options, 5*60);
#endif
- if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
- kt, 0, NULL, &options))) {
+ if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
+ kt, 0, NULL, &options))) {
char *pname;
if ((krb5_unparse_name(context, ple->princ, &pname))) {
pname = NULL;
@@ -1146,18 +1146,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
retval = -1;
*list = (char **) NULL;
- /* Refresh machine credentials */
- if ((retval = gssd_refresh_krb5_machine_creds())) {
- goto out;
- }
-
if ((l = (char **) malloc(listsize * sizeof(char *))) == NULL) {
retval = ENOMEM;
goto out;
}
+ /* Need to serialize list if we ever become multi-threaded! */
+
for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
if (ple->ccname) {
+ /* Make sure cred is up-to-date before returning it */
+ retval = gssd_refresh_krb5_machine_credential(NULL, ple);
+ if (retval)
+ continue;
if (i + 1 > listsize) {
listsize += listinc;
l = (char **)
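Review bot: In the new loop body, a failed `gssd_refresh_krb5_machine_credential()` is skipped with a bare `continue`, and its error code is left in `retval`, the function's own return variable. The rest of the loop and the `out:` path are outside this hunk, so I cannot see whether `retval` is reset afterwards. If it is not, a refresh failure on the last keytab entry would fail the whole call even though earlier credentials were collected. If it is, a list emptied by refresh failures looks the same to the caller as a host with no machine credentials, and nothing is logged either way. I would keep the result in a local and record the skip, e.g. `int rc = gssd_refresh_krb5_machine_credential(NULL, ple);` followed by `if (rc) { printerr(1, "WARNING: skipping machine cred, refresh failed (%d)\n", rc); continue; }`, so that a stale or unobtainable machine credential is visible to whoever is diagnosing authentication failures.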