Add option to specify directory to search for credentials cache files
authorneilbrown <neilbrown>
Tue, 28 Mar 2006 00:50:03 +0000 (00:50 +0000)
committerneilbrown <neilbrown>
Tue, 28 Mar 2006 00:50:03 +0000 (00:50 +0000)
From: Vince Busam <vbusam@google.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add command line option to specify which directory should be searched
to find credentials caches.
(really this time)

ChangeLog
utils/gssd/gssd.c
utils/gssd/gssd.h
utils/gssd/gssd.man
utils/gssd/krb5_util.c

index 663fa5b..437660a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
 2006-03-28 kwc@citi.umich.edu
+       Add option to specify directory to search for credentials cache files
+       
+       
+       From: Vince Busam <vbusam@google.com>
+       Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+       
+       Add command line option to specify which directory should be searched
+       to find credentials caches.
+       (really this time)      
+       
+2006-03-28 kwc@citi.umich.edu
        Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
        
        We need to get access to the internal krb5 context pointer for
index 8031d48..8e9c72a 100644 (file)
@@ -55,6 +55,7 @@
 
 char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
 char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
 
 void
 sig_die(int signal)
@@ -76,7 +77,7 @@ sig_hup(int signal)
 static void
 usage(char *progname)
 {
-       fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n",
+       fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
                progname);
        exit(1);
 }
@@ -91,7 +92,7 @@ main(int argc, char *argv[])
        extern char *optarg;
        char *progname;
 
-       while ((opt = getopt(argc, argv, "fvrmp:k:")) != -1) {
+       while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) {
                switch (opt) {
                        case 'f':
                                fg = 1;
@@ -115,6 +116,11 @@ main(int argc, char *argv[])
                                if (keytabfile[sizeof(keytabfile)-1] != '\0')
                                        errx(1, "keytab path name too long");
                                break;
+                       case 'd':
+                               strncpy(ccachedir, optarg, sizeof(ccachedir));
+                               if (ccachedir[sizeof(ccachedir-1)] != '\0')
+                                       errx(1, "ccachedir path name too long");
+                               break;
                        default:
                                usage(argv[0]);
                                break;
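Review bot: The length check in the new `case 'd'` indexes `ccachedir[sizeof(ccachedir-1)]`, with the `-1` inside the `sizeof` operand. `ccachedir-1` is a `char *`, so the index is the pointer size (typically 4 or 8) rather than the last byte of the array. Because `strncpy` zero-pads short input, an overlong argument is still rejected, but so is every valid directory longer than that many characters. The check should mirror the keytab case just above it: `if (ccachedir[sizeof(ccachedir)-1] != '\0')`. `main()` starts and continues outside this hunk.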
index d590401..d60a499 100644 (file)
@@ -60,6 +60,7 @@ enum {AUTHTYPE_KRB5, AUTHTYPE_SPKM3, AUTHTYPE_LIPKEY};
 
 extern char                    pipefsdir[PATH_MAX];
 extern char                    keytabfile[PATH_MAX];
+extern char                    ccachedir[PATH_MAX];
 
 TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
 
index 01404d1..250d26f 100644 (file)
@@ -6,7 +6,7 @@
 .SH NAME
 rpc.gssd \- rpcsec_gss daemon
 .SH SYNOPSIS
-.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r]"
+.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r] [-d ccachedir]"
 .SH DESCRIPTION
 The rpcsec_gss protocol gives a means of using the gss-api generic security
 api to provide security for protocols using rpc (in particular, nfs).  Before
@@ -48,6 +48,11 @@ Tells
 where to look for the rpc_pipefs filesystem.  The default value is
 "/var/lib/nfs/rpc_pipefs".
 .TP
+.B -d directory
+Tells
+.B rpc.gssd
+where to look for kerberos credential files.  The default value is "/tmp".
+.TP
 .B -v
 Increases the verbosity of the output (can be specified multiple times).
 .TP
index 5f3e490..3030c3f 100644 (file)
@@ -158,7 +158,7 @@ select_krb5_ccache(const struct dirent *d)
 }
 
 /*
- * Look in the GSSD_DEFAULT_CRED_DIR for files that look like they
+ * Look in the ccachedir for files that look like they
  * are Kerberos Credential Cache files for a given UID.  Return
  * non-zero and the dirent pointer for the entry most likely to be
  * what we want. Otherwise, return zero and no dirent pointer.
@@ -179,7 +179,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
        struct stat best_match_stat, tmp_stat;
 
        *d = NULL;
-       n = scandir(GSSD_DEFAULT_CRED_DIR, &namelist, select_krb5_ccache, 0);
+       n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
        if (n < 0) {
                perror("scandir looking for krb5 credentials caches");
        }
@@ -195,7 +195,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
                        if (strstr(namelist[i]->d_name, substring) ||
                            !strcmp(namelist[i]->d_name, fullstring)) {
                                snprintf(statname, sizeof(statname),
-                                        "%s/%s", GSSD_DEFAULT_CRED_DIR,
+                                        "%s/%s", ccachedir,
                                         namelist[i]->d_name);
                                if (stat(statname, &tmp_stat)) {
                                        printerr(0, "Error doing stat "
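Review bot: The `snprintf` that builds `statname` ignores its return value, and the directory component now comes from the `-d` option and can be up to PATH_MAX-1 bytes. A long directory plus `d_name` can therefore be truncated silently, and `stat()` would then examine a different path than the one `scandir` returned. `statname` is declared outside the hunk, so whether its size leaves room for both parts cannot be confirmed from here. I would store the result in a local and treat truncation as a non-matching entry, e.g. `if (len < 0 || (size_t)len >= sizeof(statname))` leading into the loop's existing skip path. The two `snprintf` calls into `buf` in `gssd_setup_krb5_user_gss_ccache` (last hunk) have the same gap, and there a truncated `FILE:` name would be passed to `gssd_set_krb5_ccache_name`.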
@@ -626,13 +626,12 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername)
        memset(buf, 0, sizeof(buf));
        if (gssd_find_existing_krb5_ccache(uid, &d)) {
                snprintf(buf, sizeof(buf), "FILE:%s/%s",
-                       GSSD_DEFAULT_CRED_DIR, d->d_name);
+                       ccachedir, d->d_name);
                free(d);
        }
        else
                snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
-                       GSSD_DEFAULT_CRED_DIR,
-                       GSSD_DEFAULT_CRED_PREFIX, uid);
+                       ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid);
        printerr(2, "using %s as credentials cache for client with "
                    "uid %u for server %s\n", buf, uid, servername);
        gssd_set_krb5_ccache_name(buf);