X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fkrb5_util.c;h=a0ee1100d29560fece53042ba5675b9ebbe41ad7;hp=096f6cf80812bf901c7c47db8ce45aa18218ab3c;hb=9a6cf25c17c4a7d69600d3802ea8c990cd317b9f;hpb=d4b2b6b90b927d10dba2967be85379f5b46ff231 diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 096f6cf..a0ee110 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -191,7 +191,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d) namelist[i]->d_name); snprintf(statname, sizeof(statname), "%s/%s", ccachedir, namelist[i]->d_name); - if (stat(statname, &tmp_stat)) { + if (lstat(statname, &tmp_stat)) { printerr(0, "Error doing stat on file '%s'\n", statname); free(namelist[i]); @@ -298,6 +298,7 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid) if (maj_stat != GSS_S_COMPLETE) { pgsserr("gss_set_allowable_enctypes", maj_stat, min_stat, &krb5oid); + gss_release_cred(&min_stat, &credh); return -1; } sec->cred = credh; @@ -448,7 +449,7 @@ gssd_have_realm_ple(void *r) /* * Process the given keytab file and create a list of principals we - * might use to perform mount operations. + * might use as machine credentials. * * Returns: * 0 => Sucess @@ -465,9 +466,8 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) /* * Look through each entry in the keytab file and determine - * if we might want to use it later to do a mount. If so, - * save info in the global principal list - * (gssd_k5_kt_princ_list). + * if we might want to use it as machine credentials. If so, + * save info in the global principal list (gssd_k5_kt_princ_list). * Note: (ple == principal list entry) */ if ((code = krb5_kt_start_seq_get(context, kt, &cursor))) { 
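Review bot: Switching to `lstat()` in gssd_find_existing_krb5_ccache only helps if the code after this hunk rejects what it now reports, and the visible lines show no test of `tmp_stat.st_mode`. The function continues outside the hunk, so if such a test is not already further down, add `if (!S_ISREG(tmp_stat.st_mode))` and skip the entry alongside whatever owner check follows. That way a symlink placed in the ccache directory is ignored rather than selected. The result is still a check by name: the cache is presumably opened later by path, so the file can change between this call and its use, which deserves a comment here. The failure message still reads "Error doing stat" and could say `lstat`.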
@@ -485,22 +485,14 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) printerr(0, "WARNING: Skipping keytab entry because " "we failed to unparse principal name: %s\n", error_message(code)); + krb5_kt_free_entry(context, &kte); continue; } printerr(2, "Processing keytab entry for principal '%s'\n", pname); -#ifdef HAVE_KRB5 - if ( (kte.principal->data[0].length == GSSD_SERVICE_NAME_LEN) && - (strncmp(kte.principal->data[0].data, GSSD_SERVICE_NAME, - GSSD_SERVICE_NAME_LEN) == 0) && -#else - if ( (strlen(kte.principal->name.name_string.val[0]) == GSSD_SERVICE_NAME_LEN) && - (strncmp(kte.principal->name.name_string.val[0], GSSD_SERVICE_NAME, - GSSD_SERVICE_NAME_LEN) == 0) && - -#endif - (!gssd_have_realm_ple((void *)&kte.principal->realm)) ) { - printerr(2, "We will use this entry (%s)\n", pname); + /* Just use the first keytab entry found for each realm */ + if ((!gssd_have_realm_ple((void *)&kte.principal->realm)) ) { + printerr(2, "We WILL use this entry (%s)\n", pname); ple = malloc(sizeof(struct gssd_k5_kt_princ)); if (ple == NULL) { printerr(0, "ERROR: could not allocate storage " @@ -510,6 +502,7 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) #else free(pname); #endif + krb5_kt_free_entry(context, &kte); retval = ENOMEM; goto out; } @@ -533,6 +526,7 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) #else free(pname); #endif + krb5_kt_free_entry(context, &kte); retval = ENOMEM; goto out; } @@ -546,6 +540,7 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) #else free(pname); #endif + krb5_kt_free_entry(context, &kte); retval = code; goto out; } @@ -565,6 +560,7 @@ gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name) #else free(pname); #endif + krb5_kt_free_entry(context, &kte); } if ((code = krb5_kt_end_seq_get(context, kt, &cursor))) {
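Review bot: The new condition in gssd_process_krb5_keytab accepts the first entry seen for each realm whatever its service component, so which key becomes the machine credential now depends on the order of the keytab. A keytab shared with other services can list an unrelated principal first, and gssd would presumably then authenticate with that one. If this is intended, state it in the comment, e.g. `/* First entry per realm wins regardless of service name; keytab order decides */`. Otherwise keep a preference for the expected service names ahead of this fallback. The loop body starts and ends outside the hunk.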
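Review bot: The failure branches touched at -510, -533 and -546 release `pname` and `kte` and then `goto out` while the sequence started by `krb5_kt_start_seq_get` is still active. The `out:` label is outside the visible hunks, so confirm that it calls `krb5_kt_end_seq_get(context, kt, &cursor)`; if it does not, the cursor stays open on these paths. The `#else`/`free(pname)`/`#endif` plus `krb5_kt_free_entry(context, &kte)` sequence now appears four times, counting the end of the loop at -565. A single cleanup label inside the loop would keep the next added exit path from missing one of the frees.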