From ffe1a9badb6f247b3314ef570573739d3f91f429 Mon Sep 17 00:00:00 2001 From: Kevin Coffman Date: Fri, 30 Mar 2007 18:32:14 -0400 Subject: Use newly added keytab functions Use the new functions added in the previous patch. Obtain machine credentials in a pre-determined order Look for appropriate machine credentials in the following order: root/@REALM nfs/@REALM host/@REALM root/@REALM nfs/@REALM host/@REALM The first matching credential will be used. Also, the machine credentials to be used are now determined "on-demand" rather than at gssd startup. This allows keytab additions to be noticed and used without requiring a restart of gssd. Signed-off-by: Kevin Coffman Signed-off-by: Neil Brown
---
 utils/gssd/krb5_util.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'utils/gssd/krb5_util.c')
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 20396e0..dee2639 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -358,8 +358,8 @@ gssd_get_single_krb5_cred(krb5_context context,
 printerr(0, "WARNING: Using (debug) short machine cred lifetime!\n");
 krb5_get_init_creds_opt_set_tkt_life(&options, 5*60);
 #endif
- if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
- kt, 0, NULL, &options))) {
+ if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
+ kt, 0, NULL, &options))) {
 char *pname;
 if ((krb5_unparse_name(context, ple->princ, &pname))) {
 pname = NULL;
@@ -1146,18 +1146,19 @@ gssd_get_krb5_machine_cred_list(char ***list)
 retval = -1;
 *list = (char **) NULL;
- /* Refresh machine credentials */
- if ((retval = gssd_refresh_krb5_machine_creds())) {
- goto out;
- }
-
 if ((l = (char **) malloc(listsize * sizeof(char *))) == NULL) {
 retval = ENOMEM;
 goto out;
 }
+ /* Need to serialize list if we ever become multi-threaded! */
+
 for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
 if (ple->ccname) {
+ /* Make sure cred is up-to-date before returning it */
+ retval = gssd_refresh_krb5_machine_credential(NULL, ple);
+ if (retval)
+ continue;
 if (i + 1 > listsize) {
 listsize += listinc;
 l = (char **)
--
cgit
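Review bot: In the new loop of gssd_get_krb5_machine_cred_list, `retval` is overwritten with each entry's refresh result, so it no longer holds the `-1` set at the top once any `ple->ccname` entry has been tried; the hunk ends inside the loop, so whether the final return value is reset afterwards cannot be checked from here. A dedicated local (declared with the others at the top of the function) keeps the per-entry status apart from the function's return code: `code = gssd_refresh_krb5_machine_credential(NULL, ple);` followed by `if (code) continue;`. The `continue` also leaves a machine credential out of the returned list with no message at this site, which makes a stale keytab entry or an unreachable KDC hard to spot when NFS authentication starts failing; unless the refresh function already logs the failure, a `printerr` call naming `ple->ccname` belongs before the `continue`. A short comment on what the `NULL` first argument means for the refresh call would help too, since its meaning is not visible in this hunk.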