Check that the gssapi library is usable early on.
authorkwc@citi.umich.edu <kwc@citi.umich.edu>
Mon, 3 Jul 2006 22:34:10 +0000 (18:34 -0400)
committerNeil Brown <neilb@suse.de>
Tue, 4 Jul 2006 00:27:15 +0000 (10:27 +1000)
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured.  We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.

utils/gssd/gss_util.c
utils/gssd/gss_util.h
utils/gssd/gssd.c
utils/gssd/svcgssd.c

index f62a87b..d316b4d 100644 (file)
@@ -224,3 +224,28 @@ gssd_acquire_cred(char *server_name)
 
        return (maj_stat == GSS_S_COMPLETE);
 }
+
+int gssd_check_mechs(void)
+{
+       u_int32_t maj_stat, min_stat;
+       gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
+       int retval = -1;
+
+       maj_stat = gss_indicate_mechs(&min_stat, &supported_mechs);
+       if (maj_stat != GSS_S_COMPLETE) {
+               printerr(0, "Unable to obtain list of supported mechanisms. "
+                        "Check that gss library is properly configured.\n");
+               goto out;
+       }
+       if (supported_mechs == GSS_C_NO_OID_SET ||
+           supported_mechs->count == 0) {
+               printerr(0, "Unable to obtain list of supported mechanisms. "
+                        "Check that gss library is properly configured.\n");
+               goto out;
+       }
+       maj_stat = gss_release_oid_set(&min_stat, &supported_mechs);
+       retval = 0;
+out:
+       return retval;
+}
+
index 9e480ac..bfe8c4a 100644 (file)
@@ -40,5 +40,6 @@ extern gss_cred_id_t  gssd_creds;
 int gssd_acquire_cred(char *server_name);
 void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
        const gss_OID mech);
+int gssd_check_mechs(void);
 
 #endif /* _GSS_UTIL_H_ */
index 8e9c72a..d6ddaae 100644 (file)
@@ -145,6 +145,9 @@ main(int argc, char *argv[])
                            "support setting debug level\n");
 #endif
 
+       if (gssd_check_mechs() != 0)
+               errx(1, "Problem with gssapi library");
+
        if (!fg && daemon(0, 0) < 0)
                errx(1, "fork");
 
index 4e0806c..0db3762 100644 (file)
@@ -204,6 +204,11 @@ main(int argc, char *argv[])
                            "support setting debug level\n");
 #endif
 
+       if (gssd_check_mechs() != 0) {
+               printerr(0, "ERROR: Problem with gssapi library\n");
+               exit(1);
+       }
+
        if (!fg)
                mydaemon(0, 0);