X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fgssd.c;h=8ee478bc0bccb0aedee7bd3557e0f194ad69ab30;hp=0f7a7e58dbd01d6ca5d3c1509b3ac1ddb0c92433;hb=fb06ed9fc1fa11a95544fb2d89adb6c51ef5d946;hpb=f1bfe0916c04d93de7a4fae5315fff6e4ccac23f diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c index 0f7a7e5..8ee478b 100644 --- a/utils/gssd/gssd.c +++ b/utils/gssd/gssd.c @@ -36,6 +36,10 @@ */ +#ifdef HAVE_CONFIG_H +#include +#endif /* HAVE_CONFIG_H */ + #include #include #include @@ -51,22 +55,37 @@ #include "gss_util.h" #include "krb5_util.h" -char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR; +char pipefs_dir[PATH_MAX] = GSSD_PIPEFS_DIR; char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE; +char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR ":" GSSD_USER_CRED_DIR; +char *ccachesearch[GSSD_MAX_CCACHE_SEARCH + 1]; +int use_memcache = 0; +int root_uses_machine_creds = 1; +unsigned int context_timeout = 0; +char *preferred_realm = NULL; void sig_die(int signal) { /* destroy krb5 machine creds */ - gssd_destroy_krb5_machine_creds(); + if (root_uses_machine_creds) + gssd_destroy_krb5_machine_creds(); printerr(1, "exiting on signal %d\n", signal); - exit(1); + exit(0); +} + +void +sig_hup(int signal) +{ + /* don't exit on SIGHUP */ + printerr(1, "Received SIGHUP(%d)... Ignoring.\n", signal); + return; } static void usage(char *progname) { - fprintf(stderr, "usage: %s [-f] [-v] [-p pipefsdir] [-k keytab]\n", + fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D]\n", progname); exit(1); } @@ -76,11 +95,14 @@ main(int argc, char *argv[]) { int fg = 0; int verbosity = 0; + int rpc_verbosity = 0; int opt; + int i; extern char *optarg; char *progname; - while ((opt = getopt(argc, argv, "fvmp:k:")) != -1) { + memset(ccachesearch, 0, sizeof(ccachesearch)); + while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:R:")) != -1) { switch (opt) { case 'f': fg = 1; 
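Review bot: The new `sig_hup` handler calls `printerr` from signal context, and `sig_die` still calls `printerr`, `gssd_destroy_krb5_machine_creds()` and `exit()` there; none of these is async-signal-safe if `printerr` formats through stdio or syslog (its definition is outside this diff, so that is presumed). A signal delivered while the daemon is inside an allocator or logging call could then deadlock or corrupt state. Since SIGHUP is now meant to be harmless, the registration in the last hunk could simply be `signal(SIGHUP, SIG_IGN);`, or both handlers could set a `volatile sig_atomic_t` flag that the main loop checks and logs. The parameter name `signal` also shadows the library function inside both handlers; `signo` would read better.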
@@ -88,12 +110,21 @@ main(int argc, char *argv[]) case 'm': /* Accept but ignore this. Now the default. */ break; + case 'M': + use_memcache = 1; + break; + case 'n': + root_uses_machine_creds = 0; + break; case 'v': verbosity++; break; + case 'r': + rpc_verbosity++; + break; case 'p': - strncpy(pipefsdir, optarg, sizeof(pipefsdir)); - if (pipefsdir[sizeof(pipefsdir)-1] != '\0') + strncpy(pipefs_dir, optarg, sizeof(pipefs_dir)); + if (pipefs_dir[sizeof(pipefs_dir)-1] != '\0') errx(1, "pipefs path name too long"); break; case 'k': @@ -101,15 +132,41 @@ main(int argc, char *argv[]) if (keytabfile[sizeof(keytabfile)-1] != '\0') errx(1, "keytab path name too long"); break; + case 'd': + strncpy(ccachedir, optarg, sizeof(ccachedir)); + if (ccachedir[sizeof(ccachedir)-1] != '\0') + errx(1, "ccachedir path name too long"); + break; + case 't': + context_timeout = atoi(optarg); + break; + case 'R': + preferred_realm = strdup(optarg); + break; + case 'l': +#ifdef HAVE_SET_ALLOWABLE_ENCTYPES + limit_to_legacy_enctypes = 1; +#else + errx(1, "Encryption type limits not supported by Kerberos libraries."); +#endif + break; + case 'D': + avoid_dns = 0; + break; default: usage(argv[0]); break; } } - strncat(pipefsdir + strlen(pipefsdir), "/" GSSD_SERVICE_NAME, - sizeof(pipefsdir)-strlen(pipefsdir)); - if (pipefsdir[sizeof(pipefsdir)-1] != '\0') - errx(1, "pipefs path name too long"); + + i = 0; + ccachesearch[i++] = strtok(ccachedir, ":"); + do { + ccachesearch[i++] = strtok(NULL, ":"); + } while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH); + + if (preferred_realm == NULL) + gssd_k5_get_default_realm(&preferred_realm); if ((progname = strrchr(argv[0], '/'))) progname++; 
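Review bot: In the `-t` case, `context_timeout = atoi(optarg);` stores an unvalidated `int` into an `unsigned int`, so `-t -1` becomes a very large timeout and `-t abc` silently becomes 0, the same value as the default. Parsing with `strtoul` and rejecting trailing garbage, a minus sign and out-of-range values keeps a mistyped option from quietly changing how long security contexts live. In the `-R` case the `strdup` result is unchecked, and because `preferred_realm == NULL` later triggers `gssd_k5_get_default_realm`, an allocation failure would silently replace the requested realm; `if (preferred_realm == NULL) errx(1, "out of memory");` directly after the `strdup` avoids that. The sketch below assumes `<errno.h>` and `<limits.h>` are already included in this file, which the visible lines do not show.

```c
		case 't': {
			char *end;
			unsigned long secs;

			errno = 0;
			secs = strtoul(optarg, &end, 10);
			/* strtoul accepts a leading '-' and negates, so reject it explicitly */
			if (strchr(optarg, '-') != NULL || end == optarg ||
			    *end != '\0' || errno == ERANGE || secs > UINT_MAX)
				errx(1, "invalid context timeout '%s'", optarg);
			context_timeout = (unsigned int)secs;
			break;
		}
		/* … remaining option cases as in the hunk … */
```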
@@ -117,16 +174,25 @@ main(int argc, char *argv[]) progname = argv[0]; initerr(progname, verbosity, fg); +#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL + if (verbosity && rpc_verbosity == 0) + rpc_verbosity = verbosity; + authgss_set_debug_level(rpc_verbosity); +#else + if (rpc_verbosity > 0) + printerr(0, "Warning: rpcsec_gss library does not " + "support setting debug level\n"); +#endif + + if (gssd_check_mechs() != 0) + errx(1, "Problem with gssapi library"); if (!fg && daemon(0, 0) < 0) errx(1, "fork"); signal(SIGINT, sig_die); signal(SIGTERM, sig_die); - signal(SIGHUP, sig_die); - - /* Process keytab file and get machine credentials */ - gssd_refresh_krb5_machine_creds(); + signal(SIGHUP, sig_hup); gssd_run(); printerr(0, "gssd_run returned!\n");
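Review bot: The block under `HAVE_AUTHGSS_SET_DEBUG_LEVEL` makes `-v` on its own raise the RPC library's debug level (`rpc_verbosity = verbosity` when no `-r` was given), which is not obvious from the option names or the usage string. A one-line comment above the `if` would document it, for example `/* -v without -r also enables rpcsec_gss debugging at the same level */`. As written there is no way to ask for daemon verbosity without library debug output, so it is worth stating whether that is intended.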