Check that the gssapi library is usable early on.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured.  We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.

diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index f62a87b3ad6974a1c107e0d7a698aa71bd434b90..d316b4d11bb60c6bbd20e6a6cc2e88d6386028af 100644 (file)
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -224,3 +224,28 @@ gssd_acquire_cred(char *server_name)
 
        return (maj_stat == GSS_S_COMPLETE);
 }
 
        return (maj_stat == GSS_S_COMPLETE);
 }

+
+int gssd_check_mechs(void)
+{
+       u_int32_t maj_stat, min_stat;
+       gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
+       int retval = -1;
+
+       maj_stat = gss_indicate_mechs(&min_stat, &supported_mechs);
+       if (maj_stat != GSS_S_COMPLETE) {
+               printerr(0, "Unable to obtain list of supported mechanisms. "
+                        "Check that gss library is properly configured.\n");
+               goto out;
+       }
+       if (supported_mechs == GSS_C_NO_OID_SET ||
+           supported_mechs->count == 0) {
+               printerr(0, "Unable to obtain list of supported mechanisms. "
+                        "Check that gss library is properly configured.\n");
+               goto out;
+       }
+       maj_stat = gss_release_oid_set(&min_stat, &supported_mechs);
+       retval = 0;
+out:
+       return retval;
+}
+

diff --git a/utils/gssd/gss_util.h b/utils/gssd/gss_util.h
index 9e480ac4f1c24d78389726b58a1881b4f224f012..bfe8c4af9145db8451679a9ef76db6bfc9a43b16 100644 (file)
--- a/utils/gssd/gss_util.h
+++ b/utils/gssd/gss_util.h
@@ -40,5 +40,6 @@ extern gss_cred_id_t  gssd_creds;
 int gssd_acquire_cred(char *server_name);
 void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
        const gss_OID mech);
 int gssd_acquire_cred(char *server_name);
 void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat,
        const gss_OID mech);

+int gssd_check_mechs(void);

 
 #endif /* _GSS_UTIL_H_ */
 
 #endif /* _GSS_UTIL_H_ */

diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 8e9c72acdfd8e47d46a8b00ecd74cf44496379f3..d6ddaaec911f09203d2265b783c9384d64fed2be 100644 (file)
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -145,6 +145,9 @@ main(int argc, char *argv[])
                            "support setting debug level\n");
 #endif
 
                            "support setting debug level\n");
 #endif
 

+       if (gssd_check_mechs() != 0)
+               errx(1, "Problem with gssapi library");
+

        if (!fg && daemon(0, 0) < 0)
                errx(1, "fork");
 
        if (!fg && daemon(0, 0) < 0)
                errx(1, "fork");
 

diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index 4e0806c30a425df6f915825d469e196e2e54c2b3..0db3762d2d00575240600b753f268da0695ce9c6 100644 (file)
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -204,6 +204,11 @@ main(int argc, char *argv[])
                            "support setting debug level\n");
 #endif
 
                            "support setting debug level\n");
 #endif
 

+       if (gssd_check_mechs() != 0) {
+               printerr(0, "ERROR: Problem with gssapi library\n");
+               exit(1);
+       }
+

        if (!fg)
                mydaemon(0, 0);
 
        if (!fg)
                mydaemon(0, 0);