nfs-utils: Add support to svcgssd to limit the negotiated enctypes
[nfs-utils.git] / utils / gssd / svcgssd.c
index 69d2a6966946b287fed1bcdfef0849cb5a844dfb..1afff9e5a4935c3a9be76b4ccaf2d02f3463e74c 100644 (file)
@@ -117,10 +117,16 @@ mydaemon(int nochdir, int noclose)
 
        if (noclose == 0) {
                tempfd = open("/dev/null", O_RDWR);
-               dup2(tempfd, 0);
-               dup2(tempfd, 1);
-               dup2(tempfd, 2);
-               closeall(3);
+               if (tempfd >= 0) {
+                       dup2(tempfd, 0);
+                       dup2(tempfd, 1);
+                       dup2(tempfd, 2);
+                       close(tempfd);
+               } else {
+                       printerr(1, "mydaemon: can't open /dev/null: errno %d "
+                                   "(%s)\n", errno, strerror(errno));
+                       exit(1);
+               }
        }
 
        return;
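Review bot: `close(tempfd)` in mydaemon closes a standard descriptor whenever open() returns 0, 1 or 2, which happens if the daemon is started with one of them already closed; the next file or socket the process opens would then land on a stdio slot and could receive stray log output. Guard it with `if (tempfd > 2) close(tempfd);`. The three dup2() results are still unchecked. With `closeall(3)` dropped, descriptors inherited from the parent stay open in the daemon unless they are closed elsewhere, which this hunk does not show. mydaemon's body begins outside the hunk.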
@@ -154,14 +160,14 @@ void
 sig_hup(int signal)
 {
        /* don't exit on SIGHUP */
-       printerr(1, "Received SIGHUP... Ignoring.\n");
+       printerr(1, "Received SIGHUP(%d)... Ignoring.\n", signal);
        return;
 }
 
 static void
 usage(char *progname)
 {
-       fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i]\n",
+       fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i] [-p principal]\n",
                progname);
        exit(1);
 }
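Review bot: sig_hup still calls printerr() from signal context, and the new line adds `%d` formatting to that call. If printerr goes through stdio or syslog (its definition is not in this hunk), it is not async-signal-safe and can deadlock or corrupt state when SIGHUP interrupts another logging call. A safer handler only sets a `volatile sig_atomic_t` flag and leaves the logging to the main loop. The parameter name `signal` also shadows signal(3) inside the handler; `signum` would avoid that.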
@@ -174,9 +180,10 @@ main(int argc, char *argv[])
        int verbosity = 0;
        int rpc_verbosity = 0;
        int idmap_verbosity = 0;
-       int opt;
+       int opt, status;
        extern char *optarg;
        char *progname;
+       char *principal = NULL;
 
        while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
                switch (opt) {
@@ -195,6 +202,9 @@ main(int argc, char *argv[])
                        case 'r':
                                rpc_verbosity++;
                                break;
+                       case 'p':
+                               principal = optarg;
+                               break;
                        default:
                                usage(argv[0]);
                                break;
@@ -238,17 +248,33 @@ main(int argc, char *argv[])
        signal(SIGTERM, sig_die);
        signal(SIGHUP, sig_hup);
 
-       if (get_creds && !gssd_acquire_cred(GSSD_SERVICE_NAME)) {
-                printerr(0, "unable to obtain root (machine) credentials\n");
-                printerr(0, "do you have a keytab entry for "
-                           "nfs/<your.host>@<YOUR.REALM> in "
-                           "/etc/krb5.keytab?\n");
-               exit(1);
+       if (get_creds) {
+               if (principal)
+                       status = gssd_acquire_cred(principal, 
+                               ((const gss_OID)GSS_C_NT_USER_NAME));
+               else
+                       status = gssd_acquire_cred(GSSD_SERVICE_NAME, 
+                               (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
+               if (status == FALSE) {
+                       printerr(0, "unable to obtain root (machine) credentials\n");
+                       printerr(0, "do you have a keytab entry for "
+                               "nfs/<your.host>@<YOUR.REALM> in "
+                               "/etc/krb5.keytab?\n");
+                       exit(1);
+               }
+       } else {
+               status = gssd_acquire_cred(NULL,
+                       (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
+               if (status == FALSE) {
+                       printerr(0, "unable to obtain nameless credentials\n");
+                       exit(1);
+               }
        }
 
        if (!fg)
                release_parent();
 
+       nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
        gssd_run();
        printerr(0, "gssd_run returned!\n");
        abort();
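Review bot: When `-p` is given and gssd_acquire_cred() fails, the diagnostic still says "root (machine) credentials" and points at `nfs/<your.host>@<YOUR.REALM>`, which sends the operator to the wrong keytab entry. Report the name that was actually tried, e.g. `printerr(0, "unable to obtain credentials for %s\n", principal ? principal : GSSD_SERVICE_NAME);`. A `-p` argument is also silently ignored in the `else` branch, where get_creds is 0. The return value of `nfs4_init_name_mapping(NULL)` is discarded, and because it runs after release_parent() a failure would not reach the parent's exit status; checking it and exiting through printerr before release_parent() looks safer, assuming the call can be moved. main's body starts and ends outside the hunk.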