diff options
| author | Doug Nazar <nazard.michi@gmail.com> | 2010-07-19 11:08:46 -0400 |
|---|---|---|
| committer | Steve Dickson <steved@redhat.com> | 2010-07-19 11:08:46 -0400 |
| commit | 12af21aca517dfbaec465447d8336bcc4769f71d (patch) | |
| tree | ccd17713d19f4b61ee24b6d0c81a70f16c8f4f3c /utils | |
| parent | e2aa2c8c4cc21eb312a301855c2e211dedf93146 (diff) | |
| download | nfs-utils-12af21aca517dfbaec465447d8336bcc4769f71d.tar.gz nfs-utils-12af21aca517dfbaec465447d8336bcc4769f71d.tar.xz nfs-utils-12af21aca517dfbaec465447d8336bcc4769f71d.zip | |
gssd: picking wrong creds
When not using machine credentials for root, if the machine
credential cache file is newer than the root credential file
the wrong file will get picked. Ignore the machine file in
this case.
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/gssd/krb5_util.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index dccbeb6..d23654f 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -224,6 +224,13 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d) free(namelist[i]); continue; } + if (uid == 0 && !root_uses_machine_creds && + strstr(namelist[i]->d_name, "_machine_")) { + printerr(3, "CC file '%s' not available to root\n", + statname); + free(namelist[i]); + continue; + } if (!query_krb5_ccache(buf, &princname, &realm)) { printerr(3, "CC file '%s' is expired or corrupt\n", statname); |