int code;
time_t now = time(0);
char *cache_type;
+ char *pname = NULL;
memset(&my_creds, 0, sizeof(my_creds));
goto out;
}
+ if ((krb5_unparse_name(context, ple->princ, &pname)))
+ pname = NULL;
+
krb5_get_init_creds_opt_init(&options);
krb5_get_init_creds_opt_set_address_list(&options, NULL);
printerr(0, "WARNING: Using (debug) short machine cred lifetime!\n");
krb5_get_init_creds_opt_set_tkt_life(&options, 5*60);
#endif
- if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
- kt, 0, NULL, &options))) {
- char *pname;
- if ((krb5_unparse_name(context, ple->princ, &pname))) {
- pname = NULL;
- }
+ if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
+ kt, 0, NULL, &options))) {
printerr(0, "WARNING: %s while getting initial ticket for "
- "principal '%s' from keytab '%s'\n",
+ "principal '%s' using keytab '%s'\n",
error_message(code),
pname ? pname : "<unparsable>", kt_name);
- if (pname) k5_free_unparsed_name(context, pname);
goto out;
}
GSSD_DEFAULT_CRED_DIR, GSSD_DEFAULT_CRED_PREFIX,
GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm);
ple->endtime = my_creds.times.endtime;
+ if (ple->ccname != NULL)
+ free(ple->ccname);
ple->ccname = strdup(cc_name);
if (ple->ccname == NULL) {
printerr(0, "ERROR: no storage to duplicate credentials "
- "cache name\n");
+ "cache name '%s'\n", cc_name);
code = ENOMEM;
goto out;
}
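Review bot: Freeing `ple->ccname` before the `strdup` means an allocation failure leaves the entry with a NULL name, while `ple->endtime` has already been advanced on the line above. The list-building loop later in this patch only returns entries whose `ple->ccname` is set, so after an ENOMEM the principal would drop out of the returned list. Duplicating first and swapping only on success avoids that: `char *new_name = strdup(cc_name);`, then after the NULL check `free(ple->ccname); ple->ccname = new_name;`. The `!= NULL` guard is unnecessary either way, because `free(NULL)` is a no-op. The enclosing function starts and ends outside this hunk, so any other users of the old `ccname` pointer are not visible here.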
}
code = 0;
- printerr(1, "Using (machine) credentials cache: '%s'\n", cc_name);
+ printerr(2, "Successfully obtained machine credentials for "
+ "principal '%s' stored in ccache '%s'\n", pname, cc_name);
out:
+ if (pname)
+ k5_free_unparsed_name(context, pname);
if (ccache)
krb5_cc_close(context, ccache);
krb5_free_cred_contents(context, &my_creds);
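Review bot: The new success message passes `pname` straight to `%s`, but earlier in this patch `pname` is set to NULL when `krb5_unparse_name()` fails. A NULL argument for `%s` is undefined behaviour, assuming `printerr` forwards to a printf-style formatter. The warning path in the same function already guards against this, and the same expression should be used here: `"principal '%s' stored in ccache '%s'\n", pname ? pname : "<unparsable>", cc_name);`. Moving `k5_free_unparsed_name` under `out:` looks right for the `goto out` paths visible in the patch. The function body starts outside this hunk, so any earlier direct returns cannot be checked from here.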
retval = -1;
*list = (char **) NULL;
- /* Refresh machine credentials */
- if ((retval = gssd_refresh_krb5_machine_creds())) {
- goto out;
- }
-
if ((l = (char **) malloc(listsize * sizeof(char *))) == NULL) {
retval = ENOMEM;
goto out;
}
+ /* Need to serialize list if we ever become multi-threaded! */
+
for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
if (ple->ccname) {
+ /* Make sure cred is up-to-date before returning it */
+ retval = gssd_refresh_krb5_machine_credential(NULL, ple);
+ if (retval)
+ continue;
if (i + 1 > listsize) {
listsize += listinc;
l = (char **)