svcgssd: Adding a <-p principal> flag

Allow the principal that is used to get the machines creds definable
on the command like with the new '-p <principal>'. This is useful
in cluster environments.

Signed-off-by:  Eberhard Kuemmerle <E.Kuemmerle@fz-juelich.de>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index 99aceb37714b48bab6a41c03d4e0d57c58532bb5..8fe1e9be316929f8a29072d576c678eb03352089 100644 (file)
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -191,7 +191,7 @@ pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat, const gss_OID mech)
 }
 
 int
-gssd_acquire_cred(char *server_name)
+gssd_acquire_cred(char *server_name, const gss_OID oid)
 {
        gss_buffer_desc name;
        gss_name_t target_name;
@@ -203,7 +203,7 @@ gssd_acquire_cred(char *server_name)
        name.length = strlen(server_name);
 
        maj_stat = gss_import_name(&min_stat, &name,
-                       (const gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
+                       oid,
                        &target_name);
 
        if (maj_stat != GSS_S_COMPLETE) {

diff --git a/utils/gssd/gss_util.h b/utils/gssd/gss_util.h
index bfe8c4af9145db8451679a9ef76db6bfc9a43b16..67b3077a8d252d31346fce6fdbd795a0c0c28287 100644 (file)
--- a/utils/gssd/gss_util.h
+++ b/utils/gssd/gss_util.h
@@ -37,7 +37,7 @@
 
 extern gss_cred_id_t   gssd_creds;
 
-int gssd_acquire_cred(char *server_name);
+int gssd_acquire_cred(char *server_name, const gss_OID oid);
 void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
        const gss_OID mech);
 int gssd_check_mechs(void);

diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index 465c305f17da92dc06920d77f03ff4986850cfcd..b1b57938c3490802ea659a5e54ca72218a806222 100644 (file)
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -100,7 +100,6 @@ int update_client_list(void);
 void handle_krb5_upcall(struct clnt_info *clp);
 void handle_spkm3_upcall(struct clnt_info *clp);
 void handle_gssd_upcall(struct clnt_info *clp);
-int gssd_acquire_cred(char *server_name);
 void gssd_run(void);
 
 

diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index e7375a49ce6b472106cc2ce64f26bb5eb3184537..9b463f3723ab066a228e62a24cd45313798c6440 100644 (file)
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -167,7 +167,7 @@ sig_hup(int signal)
 static void
 usage(char *progname)
 {
-       fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i]\n",
+       fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i] [-p principal]\n",
                progname);
        exit(1);
 }
@@ -180,9 +180,10 @@ main(int argc, char *argv[])
        int verbosity = 0;
        int rpc_verbosity = 0;
        int idmap_verbosity = 0;
-       int opt;
+       int opt, status;
        extern char *optarg;
        char *progname;
+       char *principal = NULL;
 
        while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
                switch (opt) {
@@ -201,6 +202,9 @@ main(int argc, char *argv[])
                        case 'r':
                                rpc_verbosity++;
                                break;
+                       case 'p':
+                               principal = optarg;
+                               break;
                        default:
                                usage(argv[0]);
                                break;
@@ -244,12 +248,20 @@ main(int argc, char *argv[])
        signal(SIGTERM, sig_die);
        signal(SIGHUP, sig_hup);
 
-       if (get_creds && !gssd_acquire_cred(GSSD_SERVICE_NAME)) {
-                printerr(0, "unable to obtain root (machine) credentials\n");
-                printerr(0, "do you have a keytab entry for "
-                           "nfs/<your.host>@<YOUR.REALM> in "
-                           "/etc/krb5.keytab?\n");
-               exit(1);
+       if (get_creds) {
+               if (principal)
+                       status = gssd_acquire_cred(principal, 
+                               ((const gss_OID)GSS_C_NT_USER_NAME));
+               else
+                       status = gssd_acquire_cred(GSSD_SERVICE_NAME, 
+                               (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
+               if (status == FALSE) {
+                       printerr(0, "unable to obtain root (machine) credentials\n");
+                       printerr(0, "do you have a keytab entry for "
+                               "nfs/<your.host>@<YOUR.REALM> in "
+                               "/etc/krb5.keytab?\n");
+                       exit(1);
+               }
        }
 
        if (!fg)