Allow gssd ccaches in MEMORY: rather than FILE:
[nfs-utils.git] / utils / gssd / krb5_util.c
index 3030c3f..c43eb36 100644 (file)
@@ -178,6 +178,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
        struct dirent *best_match_dir = NULL;
        struct stat best_match_stat, tmp_stat;
 
+       memset(&best_match_stat, 0, sizeof(best_match_stat));
        *d = NULL;
        n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
        if (n < 0) {
@@ -280,11 +281,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
 {
        u_int maj_stat, min_stat;
        gss_cred_id_t credh;
+       gss_OID_set_desc  desired_mechs;
        krb5_enctype enctypes[] = { ENCTYPE_DES_CBC_CRC };
        int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
 
+       /* We only care about getting a krb5 cred */
+       desired_mechs.count = 1;
+       desired_mechs.elements = &krb5oid;
+
        maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
-                                   GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                                   &desired_mechs, GSS_C_INITIATE,
                                    &credh, NULL, NULL);
 
        if (maj_stat != GSS_S_COMPLETE) {
@@ -328,6 +334,7 @@ gssd_get_single_krb5_cred(krb5_context context,
        char cc_name[BUFSIZ];
        int code;
        time_t now = time(0);
+       char *cache_type;
 
        memset(&my_creds, 0, sizeof(my_creds));
 
@@ -374,7 +381,12 @@ gssd_get_single_krb5_cred(krb5_context context,
         * Initialize cache file which we're going to be using
         */
 
-       snprintf(cc_name, sizeof(cc_name), "FILE:%s/%s%s_%s",
+       if (use_memcache)
+           cache_type = "MEMORY";
+       else
+           cache_type = "FILE";
+       snprintf(cc_name, sizeof(cc_name), "%s:%s/%s%s_%s",
+               cache_type,
                GSSD_DEFAULT_CRED_DIR, GSSD_DEFAULT_CRED_PREFIX,
                GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm);
        ple->endtime = my_creds.times.endtime;