X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fgss_util.c;h=8fe1e9be316929f8a29072d576c678eb03352089;hp=3493280acc050e05756f08f634b28639dccacad6;hb=706bfd7c94d48659a1411fdef2a3a61d4719f1aa;hpb=f1bfe0916c04d93de7a4fae5315fff6e4ccac23f
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index 3493280..8fe1e9b 100644
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -57,7 +57,11 @@
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */
-#include "config.h"
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif /* HAVE_CONFIG_H */
+
 #include
 #include
 #include
@@ -73,6 +77,10 @@
 #include
 #include
 #include
+#if defined(HAVE_KRB5) && !defined(GSS_C_NT_HOSTBASED_SERVICE)
+#include
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#endif
 #include "gss_util.h"
 #include "err_util.h"
 #include "gssd.h"
@@ -141,6 +149,7 @@ display_status_2(char *m, u_int32_t major, u_int32_t minor, const gss_OID mech)
 char maj_buf[30], min_buf[30];
 char *maj, *min;
 u_int32_t msg_ctx = 0;
+ int msg_verbosity = 0;
 /* Get major status message */
 maj_stat1 = gss_display_status(&min_stat1, major,
@@ -164,7 +173,9 @@ display_status_2(char *m, u_int32_t major, u_int32_t minor, const gss_OID mech)
 min = min_gss_buf.value;
 }
- printerr(0, "ERROR: GSS-API: error in %s(): %s - %s\n",
+ if (major == GSS_S_CREDENTIALS_EXPIRED)
+ msg_verbosity = 1;
+ printerr(msg_verbosity, "ERROR: GSS-API: error in %s(): %s - %s\n",
 m, maj, min);
 if (maj_gss_buf.length != 0)
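Review bot: The test `major == GSS_S_CREDENTIALS_EXPIRED` in display_status_2 matches only when the major status carries no calling-error or supplementary-information bits, so an expired-credential status with any other bit set would still be printed at level 0. Comparing the routine-error field alone, `if (GSS_ROUTINE_ERROR(major) == GSS_S_CREDENTIALS_EXPIRED)`, avoids that. Since the first argument of printerr is presumably the minimum verbosity, the change also means a default-verbosity log no longer records why a context failed when credentials have expired; a short comment such as `/* expired credentials are routine: report only at verbosity >= 1 */` would make that choice visible to whoever triages authentication failures. The function body starts and ends outside this hunk.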
@@ -180,18 +191,19 @@ pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat, const gss_OID mech)
 }
 int
-gssd_acquire_cred(char *server_name)
+gssd_acquire_cred(char *server_name, const gss_OID oid)
 {
 gss_buffer_desc name;
 gss_name_t target_name;
 u_int32_t maj_stat, min_stat;
 u_int32_t ignore_maj_stat, ignore_min_stat;
+ gss_buffer_desc pbuf;
 name.value = (void *)server_name;
 name.length = strlen(server_name);
 maj_stat = gss_import_name(&min_stat, &name,
- (const gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
+ oid,
 &target_name);
 if (maj_stat != GSS_S_COMPLETE) {
@@ -203,10 +215,44 @@ gssd_acquire_cred(char *server_name)
 GSS_C_NULL_OID_SET, GSS_C_ACCEPT, &gssd_creds, NULL, NULL);
- ignore_maj_stat = gss_release_name(&ignore_min_stat, &target_name);
-
- if (maj_stat != GSS_S_COMPLETE)
+ if (maj_stat != GSS_S_COMPLETE) {
 pgsserr("gss_acquire_cred", maj_stat, min_stat, g_mechOid);
+ ignore_maj_stat = gss_display_name(&ignore_min_stat,
+ target_name, &pbuf, NULL);
+ if (ignore_maj_stat == GSS_S_COMPLETE) {
+ printerr(1, "Unable to obtain credentials for '%.*s'\n",
+ pbuf.length, pbuf.value);
+ ignore_maj_stat = gss_release_buffer(&ignore_min_stat,
+ &pbuf);
+ }
+ }
+
+ ignore_maj_stat = gss_release_name(&ignore_min_stat, &target_name);
 return (maj_stat == GSS_S_COMPLETE);
 }
+
+int gssd_check_mechs(void)
+{
+ u_int32_t maj_stat, min_stat;
+ gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
+ int retval = -1;
+
+ maj_stat = gss_indicate_mechs(&min_stat, &supported_mechs);
+ if (maj_stat != GSS_S_COMPLETE) {
+ printerr(0, "Unable to obtain list of supported mechanisms. "
+ "Check that gss library is properly configured.\n");
+ goto out;
+ }
+ if (supported_mechs == GSS_C_NO_OID_SET ||
+ supported_mechs->count == 0) {
+ printerr(0, "Unable to obtain list of supported mechanisms. "
+ "Check that gss library is properly configured.\n");
+ goto out;
+ }
+ maj_stat = gss_release_oid_set(&min_stat, &supported_mechs);
+ retval = 0;
+out:
+ return retval;
+}
+
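Review bot: gssd_acquire_cred now takes the name type from its caller, but nothing at the signature says which values are acceptable, and `oid` reaches gss_import_name unchecked. A header comment would document the contract, for example `/* Import server_name as a name of type oid (e.g. GSS_C_NT_HOSTBASED_SERVICE) and acquire GSS_C_ACCEPT credentials; returns non-zero on success, 0 on failure. */`. The comment should also say that this return convention is the opposite of gssd_check_mechs, added in the next hunk, which returns 0 on success and -1 on failure. The function continues past the end of this hunk.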
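Review bot: The new diagnostic in gssd_acquire_cred passes `pbuf.length` as the precision for `%.*s`, but a gss_buffer_desc length is a size_t while `*` requires an int, so, assuming printerr forwards to a printf-style formatter, the argument types do not match on LP64 targets. The arguments should read `(int)pbuf.length, (char *)pbuf.value);`. In gssd_check_mechs the `count == 0` branch jumps to `out` with a non-NULL set that is never released. Moving the release under the label, as `if (supported_mechs != GSS_C_NO_OID_SET) gss_release_oid_set(&min_stat, &supported_mechs);`, covers every path. The gss_indicate_mechs failure branch also discards the status codes; calling `pgsserr("gss_indicate_mechs", maj_stat, min_stat, g_mechOid);` there would log the cause and tell the two identical messages apart.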