*/
-#include "config.h"
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
#include <sys/param.h>
#include <sys/socket.h>
#include "gss_util.h"
#include "krb5_util.h"
-char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
+char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR;
char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
-char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR ":" GSSD_USER_CRED_DIR;
+char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1];
+int use_memcache = 0;
+int root_uses_machine_creds = 1;
+unsigned int context_timeout = 0;
+char *preferred_realm = NULL;
void
sig_die(int signal)
{
/* destroy krb5 machine creds */
- gssd_destroy_krb5_machine_creds();
+ if (root_uses_machine_creds)
+ gssd_destroy_krb5_machine_creds();
printerr(1, "exiting on signal %d\n", signal);
- exit(1);
+ exit(0);
}
void
sig_hup(int signal)
{
/* don't exit on SIGHUP */
- printerr(1, "Received SIGHUP... Ignoring.\n");
+ printerr(1, "Received SIGHUP(%d)... Ignoring.\n", signal);
return;
}
static void
usage(char *progname)
{
- fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
+ fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm]\n",
progname);
exit(1);
}
int verbosity = 0;
int rpc_verbosity = 0;
int opt;
+ int i;
extern char *optarg;
char *progname;
- while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) {
+ memset(ccachesearch, 0, sizeof(ccachesearch));
+ while ((opt = getopt(argc, argv, "fvrlmnMp:k:d:t:R")) != -1) {
switch (opt) {
case 'f':
fg = 1;
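Review bot: The new option string `"fvrlmnMp:k:d:t:R"` lists `R` without a trailing colon, so getopt() parses `-R` as a flag with no argument and `optarg` does not point at the realm (with glibc it is typically NULL). The `case 'R'` arm added further down in the same switch passes `optarg` straight to `strdup()`, and the usage text documents `-R` as taking a realm, so the string should read `"fvrlmnMp:k:d:t:R:"`. That arm should also check the allocation, e.g. `if (preferred_realm == NULL) errx(1, "out of memory");`. The switch continues past the lines shown here.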
case 'm':
/* Accept but ignore this. Now the default. */
break;
+ case 'M':
+ use_memcache = 1;
+ break;
+ case 'n':
+ root_uses_machine_creds = 0;
+ break;
case 'v':
verbosity++;
break;
rpc_verbosity++;
break;
case 'p':
- strncpy(pipefsdir, optarg, sizeof(pipefsdir));
- if (pipefsdir[sizeof(pipefsdir)-1] != '\0')
+ strncpy(pipefs_dir, optarg, sizeof(pipefs_dir));
+ if (pipefs_dir[sizeof(pipefs_dir)-1] != '\0')
errx(1, "pipefs path name too long");
break;
case 'k':
break;
case 'd':
strncpy(ccachedir, optarg, sizeof(ccachedir));
- if (ccachedir[sizeof(ccachedir-1)] != '\0')
+ if (ccachedir[sizeof(ccachedir)-1] != '\0')
errx(1, "ccachedir path name too long");
break;
+ case 't':
+ context_timeout = atoi(optarg);
+ break;
+ case 'R':
+ preferred_realm = strdup(optarg);
+ break;
+ case 'l':
+#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ limit_to_legacy_enctypes = 1;
+#else
+ errx(1, "Setting encryption type not support by Kerberos libraries.");
+#endif
+ break;
default:
usage(argv[0]);
break;
}
}
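Review bot: `case 't'` stores `atoi(optarg)` into the unsigned `context_timeout`, so a non-numeric argument silently becomes 0 and a negative one wraps to a very large value. Because this setting presumably bounds how long an established security context stays valid, a typo on the command line should be a startup error, not a silent change of lifetime. Parsing with `strtol()` and rejecting junk, negative and out-of-range input would do that, as sketched below. It needs `<errno.h>` and `<limits.h>` if the file does not already include them.

```c
		case 't': {
			/* reject junk, negative and out-of-range timeouts */
			char *end;
			long v;

			errno = 0;
			v = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    v < 0 || v > INT_MAX)
				errx(1, "invalid context timeout '%s'", optarg);
			context_timeout = (unsigned int)v;
			break;
		}
		/* … unchanged: case 'R', case 'l', default … */
```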
- strncat(pipefsdir + strlen(pipefsdir), "/" GSSD_SERVICE_NAME,
- sizeof(pipefsdir)-strlen(pipefsdir));
- if (pipefsdir[sizeof(pipefsdir)-1] != '\0')
- errx(1, "pipefs path name too long");
+
+ i = 0;
+ ccachesearch[i++] = strtok(ccachedir, ":");
+ do {
+ ccachesearch[i++] = strtok(NULL, ":");
+ } while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH);
+
+ if (preferred_realm == NULL)
+ gssd_k5_get_default_realm(&preferred_realm);
if ((progname = strrchr(argv[0], '/')))
progname++;
initerr(progname, verbosity, fg);
#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL
+ if (verbosity && rpc_verbosity == 0)
+ rpc_verbosity = verbosity;
authgss_set_debug_level(rpc_verbosity);
#else
if (rpc_verbosity > 0)
"support setting debug level\n");
#endif
+ if (gssd_check_mechs() != 0)
+ errx(1, "Problem with gssapi library");
+
if (!fg && daemon(0, 0) < 0)
errx(1, "fork");
signal(SIGTERM, sig_die);
signal(SIGHUP, sig_hup);
- /* Process keytab file and get machine credentials */
- gssd_refresh_krb5_machine_creds();
-
gssd_run();
printerr(0, "gssd_run returned!\n");
abort();