+2006-03-28 kwc@citi.umich.edu
+ Add option to specify directory to search for credentials cache files
+
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+ (really this time)
+
2006-03-28 kwc@citi.umich.edu
Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
void
sig_die(int signal)
static void
usage(char *progname)
{
- fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n",
+ fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
progname);
exit(1);
}
extern char *optarg;
char *progname;
- while ((opt = getopt(argc, argv, "fvrmp:k:")) != -1) {
+ while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) {
switch (opt) {
case 'f':
fg = 1;
if (keytabfile[sizeof(keytabfile)-1] != '\0')
errx(1, "keytab path name too long");
break;
+ case 'd':
+ strncpy(ccachedir, optarg, sizeof(ccachedir));
+ if (ccachedir[sizeof(ccachedir-1)] != '\0')
+ errx(1, "ccachedir path name too long");
+ break;
default:
usage(argv[0]);
break;
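Review bot: The length check in the new `case 'd':` is written `ccachedir[sizeof(ccachedir-1)]`, so `sizeof` is applied to the pointer expression `ccachedir-1` and yields the size of a `char *` rather than the array size minus one. Because `strncpy` zero-pads the destination, the test inspects a byte near the start of the buffer and rejects any directory name longer than a pointer's width (8 characters on a 64-bit build) as "too long". Over-long input is still refused, so this is a functional bug rather than an unterminated buffer, but the option is unusable for most real paths. It should mirror the keytab check just above: `if (ccachedir[sizeof(ccachedir)-1] != '\0')`. The enclosing option loop starts and ends outside this hunk.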
.SH NAME
rpc.gssd \- rpcsec_gss daemon
.SH SYNOPSIS
-.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r]"
+.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r] [-d ccachedir]"
.SH DESCRIPTION
The rpcsec_gss protocol gives a means of using the gss-api generic security
api to provide security for protocols using rpc (in particular, nfs). Before
where to look for the rpc_pipefs filesystem. The default value is
"/var/lib/nfs/rpc_pipefs".
.TP
+.B -d directory
+Tells
+.B rpc.gssd
+where to look for kerberos credential files. The default value is "/tmp".
+.TP
.B -v
Increases the verbosity of the output (can be specified multiple times).
.TP
}
/*
- * Look in the GSSD_DEFAULT_CRED_DIR for files that look like they
+ * Look in the ccachedir for files that look like they
* are Kerberos Credential Cache files for a given UID. Return
* non-zero and the dirent pointer for the entry most likely to be
* what we want. Otherwise, return zero and no dirent pointer.
struct stat best_match_stat, tmp_stat;
*d = NULL;
- n = scandir(GSSD_DEFAULT_CRED_DIR, &namelist, select_krb5_ccache, 0);
+ n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
if (n < 0) {
perror("scandir looking for krb5 credentials caches");
}
if (strstr(namelist[i]->d_name, substring) ||
!strcmp(namelist[i]->d_name, fullstring)) {
snprintf(statname, sizeof(statname),
- "%s/%s", GSSD_DEFAULT_CRED_DIR,
+ "%s/%s", ccachedir,
namelist[i]->d_name);
if (stat(statname, &tmp_stat)) {
printerr(0, "Error doing stat "
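Review bot: The `snprintf` into `statname` now takes its prefix from `ccachedir`, which `-d` can set to anything up to PATH_MAX-1 bytes, and its return value is not checked, so a long directory can silently truncate the path that is then handed to `stat`. With the old constant prefix this was not a practical concern; the size of `statname` is not visible in this hunk, so the exposure is inferred. Consider capturing the result in an `int len` and skipping the entry when it does not fit: `len = snprintf(statname, sizeof(statname), "%s/%s", ccachedir, namelist[i]->d_name);` followed by `if (len < 0 || (size_t)len >= sizeof(statname)) continue;`. The two `snprintf` calls that build the `FILE:` name in `buf` in the later hunk have the same exposure, and there a truncated string would be passed to `gssd_set_krb5_ccache_name`.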
memset(buf, 0, sizeof(buf));
if (gssd_find_existing_krb5_ccache(uid, &d)) {
snprintf(buf, sizeof(buf), "FILE:%s/%s",
- GSSD_DEFAULT_CRED_DIR, d->d_name);
+ ccachedir, d->d_name);
free(d);
}
else
snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
- GSSD_DEFAULT_CRED_DIR,
- GSSD_DEFAULT_CRED_PREFIX, uid);
+ ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid);
printerr(2, "using %s as credentials cache for client with "
"uid %u for server %s\n", buf, uid, servername);
gssd_set_krb5_ccache_name(buf);