From: neilbrown Date: Tue, 28 Mar 2006 00:50:03 +0000 (+0000) Subject: Add option to specify directory to search for credentials cache files X-Git-Tag: nfs-utils-1-0-8~14 X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=a6037e23a8c9d649bf5946ac9d23114f9097b997;p=nfs-utils.git Add option to specify directory to search for credentials cache files From: Vince Busam Signed-off-by: Kevin Coffman Add command line option to specify which directory should be searched to find credentials caches. (really this time) --- diff --git a/ChangeLog b/ChangeLog index 663fa5b..437660a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2006-03-28 kwc@citi.umich.edu + Add option to specify directory to search for credentials cache files + + + From: Vince Busam + Signed-off-by: Kevin Coffman + + Add command line option to specify which directory should be searched + to find credentials caches. + (really this time) + 2006-03-28 kwc@citi.umich.edu Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5 diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c index 8031d48..8e9c72a 100644 --- a/utils/gssd/gssd.c +++ b/utils/gssd/gssd.c @@ -55,6 +55,7 @@ char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR; char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE; +char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR; void sig_die(int signal) @@ -76,7 +77,7 @@ sig_hup(int signal) static void usage(char *progname) { - fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n", + fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n", progname); exit(1); } @@ -91,7 +92,7 @@ main(int argc, char *argv[]) extern char *optarg; char *progname; - while ((opt = getopt(argc, argv, "fvrmp:k:")) != -1) { + while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) { switch (opt) { case 'f': fg = 1; @@ -115,6 +116,11 @@ main(int argc, char *argv[]) if (keytabfile[sizeof(keytabfile)-1] != '\0') errx(1, "keytab path name too long"); break; + case 'd': + strncpy(ccachedir, optarg, sizeof(ccachedir)); + if (ccachedir[sizeof(ccachedir-1)] != '\0') + errx(1, "ccachedir path name too long"); + break; default: usage(argv[0]); break; diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h index d590401..d60a499 100644 --- a/utils/gssd/gssd.h +++ b/utils/gssd/gssd.h @@ -60,6 +60,7 @@ enum {AUTHTYPE_KRB5, AUTHTYPE_SPKM3, AUTHTYPE_LIPKEY}; extern char pipefsdir[PATH_MAX]; extern char keytabfile[PATH_MAX]; +extern char ccachedir[PATH_MAX]; TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list; diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man index 01404d1..250d26f 100644 --- a/utils/gssd/gssd.man +++ b/utils/gssd/gssd.man @@ -6,7 +6,7 @@ .SH NAME rpc.gssd \- rpcsec_gss daemon .SH SYNOPSIS -.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r]" +.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r] [-d ccachedir]" .SH DESCRIPTION The rpcsec_gss protocol gives a means of using the gss-api generic security api to provide security for protocols using rpc (in particular, nfs). Before @@ -48,6 +48,11 @@ Tells where to look for the rpc_pipefs filesystem. The default value is "/var/lib/nfs/rpc_pipefs". .TP +.B -d directory +Tells +.B rpc.gssd +where to look for kerberos credential files. The default value is "/tmp". +.TP .B -v Increases the verbosity of the output (can be specified multiple times). .TP diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 5f3e490..3030c3f 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -158,7 +158,7 @@ select_krb5_ccache(const struct dirent *d) } /* - * Look in the GSSD_DEFAULT_CRED_DIR for files that look like they + * Look in the ccachedir for files that look like they * are Kerberos Credential Cache files for a given UID. Return * non-zero and the dirent pointer for the entry most likely to be * what we want. Otherwise, return zero and no dirent pointer. @@ -179,7 +179,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) struct stat best_match_stat, tmp_stat; *d = NULL; - n = scandir(GSSD_DEFAULT_CRED_DIR, &namelist, select_krb5_ccache, 0); + n = scandir(ccachedir, &namelist, select_krb5_ccache, 0); if (n < 0) { perror("scandir looking for krb5 credentials caches"); } @@ -195,7 +195,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) if (strstr(namelist[i]->d_name, substring) || !strcmp(namelist[i]->d_name, fullstring)) { snprintf(statname, sizeof(statname), - "%s/%s", GSSD_DEFAULT_CRED_DIR, + "%s/%s", ccachedir, namelist[i]->d_name); if (stat(statname, &tmp_stat)) { printerr(0, "Error doing stat " @@ -626,13 +626,12 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername) memset(buf, 0, sizeof(buf)); if (gssd_find_existing_krb5_ccache(uid, &d)) { snprintf(buf, sizeof(buf), "FILE:%s/%s", - GSSD_DEFAULT_CRED_DIR, d->d_name); + ccachedir, d->d_name); free(d); } else snprintf(buf, sizeof(buf), "FILE:%s/%s%u", - GSSD_DEFAULT_CRED_DIR, - GSSD_DEFAULT_CRED_PREFIX, uid); + ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid); printerr(2, "using %s as credentials cache for client with " "uid %u for server %s\n", buf, uid, servername); gssd_set_krb5_ccache_name(buf);