From 25cd5f9101b8969f9e1f9d7d486f11c215d0eeb4 Mon Sep 17 00:00:00 2001
From: Vince Busam <vbusam@google.com>
Date: Wed, 7 May 2008 15:24:53 -0400
Subject: Kerberos credentials may be stored in multiple places.  Make it
 possible to search several directories for valid credentials when making NFS
 requests.

Original patch from Vince Busam <vbusam@google.com>

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
 utils/gssd/gssd_proc.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'utils/gssd/gssd_proc.c')

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index bac7295..be6f440 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -685,6 +685,7 @@ handle_krb5_upcall(struct clnt_info *clp)
 	gss_buffer_desc		token;
 	char			**credlist = NULL;
 	char			**ccname;
+	char			**dirname;
 	int			create_resp = -1;
 
 	printerr(1, "handling krb5 upcall\n");
@@ -701,10 +702,14 @@ handle_krb5_upcall(struct clnt_info *clp)
 
 	if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0)) {
 		/* Tell krb5 gss which credentials cache to use */
-		gssd_setup_krb5_user_gss_ccache(uid, clp->servername);
+		for (dirname = ccachesearch; *dirname != NULL; dirname++) {
+			gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
 
-		create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
-						     AUTHTYPE_KRB5);
+			create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+							     AUTHTYPE_KRB5);
+			if (create_resp == 0)
+				break;
+		}
 	}
 	if (create_resp != 0) {
 		if (uid == 0 && root_uses_machine_creds == 1) {
-- 
cgit