gssd: on krb5 upcall, have gssd send a more granular error code
[nfs-utils.git] / utils / gssd / gssd_proc.c
index 795e06c343e4809bbaddf6d98f12a2d698a779ac..be4fb1150e1582990240a9213bb8fe5b9291e481 100644 (file)
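--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -904,6 +904,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
        char                    **ccname;
        char                    **dirname;
        int                     create_resp = -1;
+       int                     err, downcall_err = -EACCES;
 
        printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
 
@@ -944,7 +945,10 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
                                service == NULL)) {
                /* Tell krb5 gss which credentials cache to use */
                for (dirname = ccachesearch; *dirname != NULL; dirname++) {
-                       if (gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname) == 0)
+                       err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
+                       if (err == -EKEYEXPIRED)
+                               downcall_err = -EKEYEXPIRED;
+                       else if (!err)
                                create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
                                                             AUTHTYPE_KRB5);
                        if (create_resp == 0)
@@ -1034,7 +1038,7 @@ out:
        return;
 
 out_return_error:
-       do_error_downcall(fd, uid, -1);
+       do_error_downcall(fd, uid, downcall_err);
        goto out;
 }
 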
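Review bot: In the `ccachesearch` loop of `process_krb5_upcall`, `downcall_err` stays at `-EKEYEXPIRED` once any one directory reports an expired cache, even when a later directory yields a usable cache and the failure that reaches `out_return_error` is a different one, such as `create_auth_rpc_client` failing. The kernel would then be told the key expired when access was denied for another reason; how it reacts to each code is not visible on this page, so the impact should be confirmed. Resetting the value when a cache is accepted keeps the reported cause accurate: `else if (!err) {` followed by `downcall_err = -EACCES;` ahead of the existing `create_auth_rpc_client` call. Any other non-zero result of `gssd_setup_krb5_user_gss_ccache` is dropped without a log line, so a `printerr` there would help when diagnosing denied upcalls. The function body starts and ends outside these hunks, so other paths to `out_return_error` were not reviewed.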