}
/*
- * Look in the GSSD_DEFAULT_CRED_DIR for files that look like they
+ * Look in the ccachedir for files that look like they
* are Kerberos Credential Cache files for a given UID. Return
* non-zero and the dirent pointer for the entry most likely to be
* what we want. Otherwise, return zero and no dirent pointer.
struct stat best_match_stat, tmp_stat;
*d = NULL;
- n = scandir(GSSD_DEFAULT_CRED_DIR, &namelist, select_krb5_ccache, 0);
+ n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
if (n < 0) {
perror("scandir looking for krb5 credentials caches");
}
if (strstr(namelist[i]->d_name, substring) ||
!strcmp(namelist[i]->d_name, fullstring)) {
snprintf(statname, sizeof(statname),
- "%s/%s", GSSD_DEFAULT_CRED_DIR,
+ "%s/%s", ccachedir,
namelist[i]->d_name);
if (stat(statname, &tmp_stat)) {
printerr(0, "Error doing stat "
{
u_int maj_stat, min_stat;
gss_cred_id_t credh;
+ gss_OID_set_desc desired_mechs;
krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
+ /* We only care about getting a krb5 cred */
+ desired_mechs.count = 1;
+ desired_mechs.elements = &krb5oid;
+
maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
- GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+ &desired_mechs, GSS_C_INITIATE,
&credh, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) {
- printerr(0, "WARNING: error from gss_acquire_cred "
- "for user with uid %d (%s)\n",
- uid, error_message(min_stat));
+ pgsserr("gss_acquire_cred",
+ maj_stat, min_stat, &krb5oid);
return -1;
}
maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid,
num_enctypes, &enctypes);
if (maj_stat != GSS_S_COMPLETE) {
- printerr(0, "WARNING: error from gss_set_allowable_enctypes "
- "for user with uid %d (%s)\n",
- uid, error_message(min_stat));
+ pgsserr("gss_set_allowable_enctypes",
+ maj_stat, min_stat, &krb5oid);
return -1;
}
sec->cred = credh;
memset(buf, 0, sizeof(buf));
if (gssd_find_existing_krb5_ccache(uid, &d)) {
snprintf(buf, sizeof(buf), "FILE:%s/%s",
- GSSD_DEFAULT_CRED_DIR, d->d_name);
+ ccachedir, d->d_name);
free(d);
}
else
snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
- GSSD_DEFAULT_CRED_DIR,
- GSSD_DEFAULT_CRED_PREFIX, uid);
+ ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid);
printerr(2, "using %s as credentials cache for client with "
"uid %u for server %s\n", buf, uid, servername);
gssd_set_krb5_ccache_name(buf);