X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=utils%2Fgssd%2Fgssd_proc.c;h=1942175bc9434cc6b197de05d1c48a1d5842a1fc;hb=99ed8de8261beb580c0ab9543ea7f2c8e16c9306;hp=02239d29776ea769f161962870d5bebe8bb62b50;hpb=b09228c86d4049b11c6ddf9284a637a211993b44;p=nfs-utils.git diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 02239d2..1942175 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -478,25 +478,25 @@ find_client(char *dirname) return 0; } -/* Used to read (and re-read) list of clients, set up poll array. */ -int -update_client_list(void) +static int +process_pipedir(char *pipe_name) { struct dirent **namelist; int i, j; - if (chdir(pipefs_nfsdir) < 0) { + if (chdir(pipe_name) < 0) { printerr(0, "ERROR: can't chdir to %s: %s\n", - pipefs_nfsdir, strerror(errno)); + pipe_name, strerror(errno)); return -1; } - j = scandir(pipefs_nfsdir, &namelist, NULL, alphasort); + j = scandir(pipe_name, &namelist, NULL, alphasort); if (j < 0) { printerr(0, "ERROR: can't scandir %s: %s\n", - pipefs_nfsdir, strerror(errno)); + pipe_name, strerror(errno)); return -1; } + update_old_clients(namelist, j); for (i=0; i < j; i++) { if (i < FD_ALLOC_BLOCK @@ -507,9 +507,23 @@ update_client_list(void) } free(namelist); + return 0; } +/* Used to read (and re-read) list of clients, set up poll array. */ +int +update_client_list(void) +{ + int retval = -1; + + retval = process_pipedir(pipefs_nfsdir); + if (retval) + printerr(0, "ERROR: processing %s\n", pipefs_nfsdir); + + return retval; +} + static int do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, gss_buffer_desc *context_token) @@ -840,42 +854,48 @@ handle_krb5_upcall(struct clnt_info *clp) } if (create_resp != 0) { if (uid == 0 && root_uses_machine_creds == 1) { + int nocache = 0; int success = 0; - - gssd_refresh_krb5_machine_credential(clp->servername, - NULL); - /* - * Get a list of credential cache names and try each - * of them until one works or we've tried them all - */ - if (gssd_get_krb5_machine_cred_list(&credlist)) { - printerr(0, "ERROR: No credentials found " - "for connection to server %s\n", - clp->servername); - goto out_return_error; - } - for (ccname = credlist; ccname && *ccname; ccname++) { - gssd_setup_krb5_machine_gss_ccache(*ccname); - if ((create_auth_rpc_client(clp, &rpc_clnt, - &auth, uid, - AUTHTYPE_KRB5)) == 0) { - /* Success! */ - success++; - break; + do { + gssd_refresh_krb5_machine_credential(clp->servername, + NULL, nocache); + /* + * Get a list of credential cache names and try each + * of them until one works or we've tried them all + */ + if (gssd_get_krb5_machine_cred_list(&credlist)) { + printerr(0, "ERROR: No credentials found " + "for connection to server %s\n", + clp->servername); + goto out_return_error; } - printerr(2, "WARNING: Failed to create krb5 context " - "for user with uid %d with credentials " - "cache %s for server %s\n", - uid, *ccname, clp->servername); - } - gssd_free_krb5_machine_cred_list(credlist); - if (!success) { - printerr(1, "WARNING: Failed to create krb5 context " - "for user with uid %d with any " - "credentials cache for server %s\n", - uid, clp->servername); - goto out_return_error; - } + for (ccname = credlist; ccname && *ccname; ccname++) { + gssd_setup_krb5_machine_gss_ccache(*ccname); + if ((create_auth_rpc_client(clp, &rpc_clnt, + &auth, uid, + AUTHTYPE_KRB5)) == 0) { + /* Success! */ + success++; + break; + } + printerr(2, "WARNING: Failed to create machine krb5 context " + "with credentials cache %s for server %s\n", + *ccname, clp->servername); + } + gssd_free_krb5_machine_cred_list(credlist); + if (!success) { + if(nocache == 0) { + nocache++; + printerr(2, "WARNING: Machine cache is prematurely expired or corrupted " + "trying to recreate cache for server %s\n", clp->servername); + } else { + printerr(1, "WARNING: Failed to create machine krb5 context " + "with any credentials cache for server %s\n", + clp->servername); + goto out_return_error; + } + } + } while(!success); } else { printerr(1, "WARNING: Failed to create krb5 context " "for user with uid %d for server %s\n",