X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fkrb5_util.c;h=5d433b121ee26b96f2319fec04eda6eca638dc18;hp=20396e06d8c22fac0901dbb1a55ea8df7776e08b;hb=3a09fc138b1347ec5b20351674d3d901bc961937;hpb=6904f7b7f4f91d52c4bd783e5588e870d32ff021 diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 20396e0..5d433b1 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -334,6 +334,7 @@ gssd_get_single_krb5_cred(krb5_context context, int code; time_t now = time(0); char *cache_type; + char *pname = NULL; memset(&my_creds, 0, sizeof(my_creds)); @@ -350,6 +351,9 @@ gssd_get_single_krb5_cred(krb5_context context, goto out; } + if ((krb5_unparse_name(context, ple->princ, &pname))) + pname = NULL; + krb5_get_init_creds_opt_init(&options); krb5_get_init_creds_opt_set_address_list(&options, NULL); @@ -358,17 +362,12 @@ gssd_get_single_krb5_cred(krb5_context context, printerr(0, "WARNING: Using (debug) short machine cred lifetime!\n"); krb5_get_init_creds_opt_set_tkt_life(&options, 5*60); #endif - if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ, - kt, 0, NULL, &options))) { - char *pname; - if ((krb5_unparse_name(context, ple->princ, &pname))) { - pname = NULL; - } + if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ, + kt, 0, NULL, &options))) { printerr(0, "WARNING: %s while getting initial ticket for " - "principal '%s' from keytab '%s'\n", + "principal '%s' using keytab '%s'\n", error_message(code), pname ? pname : "", kt_name); - if (pname) k5_free_unparsed_name(context, pname); goto out; } @@ -385,10 +384,12 @@ gssd_get_single_krb5_cred(krb5_context context, GSSD_DEFAULT_CRED_DIR, GSSD_DEFAULT_CRED_PREFIX, GSSD_DEFAULT_MACHINE_CRED_SUFFIX, ple->realm); ple->endtime = my_creds.times.endtime; + if (ple->ccname != NULL) + free(ple->ccname); ple->ccname = strdup(cc_name); if (ple->ccname == NULL) { printerr(0, "ERROR: no storage to duplicate credentials " - "cache name\n"); + "cache name '%s'\n", cc_name); code = ENOMEM; goto out; } @@ -409,8 +410,11 @@ gssd_get_single_krb5_cred(krb5_context context, } code = 0; - printerr(1, "Using (machine) credentials cache: '%s'\n", cc_name); + printerr(2, "Successfully obtained machine credentials for " + "principal '%s' stored in ccache '%s'\n", pname, cc_name); out: + if (pname) + k5_free_unparsed_name(context, pname); if (ccache) krb5_cc_close(context, ccache); krb5_free_cred_contents(context, &my_creds); @@ -1146,18 +1150,19 @@ gssd_get_krb5_machine_cred_list(char ***list) retval = -1; *list = (char **) NULL; - /* Refresh machine credentials */ - if ((retval = gssd_refresh_krb5_machine_creds())) { - goto out; - } - if ((l = (char **) malloc(listsize * sizeof(char *))) == NULL) { retval = ENOMEM; goto out; } + /* Need to serialize list if we ever become multi-threaded! */ + for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) { if (ple->ccname) { + /* Make sure cred is up-to-date before returning it */ + retval = gssd_refresh_krb5_machine_credential(NULL, ple); + if (retval) + continue; if (i + 1 > listsize) { listsize += listinc; l = (char **)