gssd_setup_krb5_user_gss_ccache must return an error if no usable cache is
authorLukas Hejtmanek <xhejtman@ics.muni.cz>
Tue, 15 Jul 2008 14:02:49 +0000 (10:02 -0400)
committerSteve Dickson <steved@redhat.com>
Tue, 15 Jul 2008 14:02:49 +0000 (10:02 -0400)
found. Trying to use invalid default cache and continue is not good idea at all.

Signed-off-by: Lukas Hejtmanek <xhejtman@ics.muni.cz>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
utils/gssd/gssd_proc.c
utils/gssd/krb5_util.c
utils/gssd/krb5_util.h

index be6f440..a145081 100644 (file)
@@ -703,9 +703,8 @@ handle_krb5_upcall(struct clnt_info *clp)
        if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0)) {
                /* Tell krb5 gss which credentials cache to use */
                for (dirname = ccachesearch; *dirname != NULL; dirname++) {
-                       gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
-
-                       create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+                       if (gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname) == 0)
+                               create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
                                                             AUTHTYPE_KRB5);
                        if (create_resp == 0)
                                break;
index 512c1cf..4a4d10b 100644 (file)
@@ -894,9 +894,10 @@ out:
  * do the best we can.
  *
  * Returns:
- *     void
+ *     0 => a ccache was found
+ *     1 => no ccache was found
  */
-void
+int
 gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
 {
        char                    buf[MAX_NETOBJ_SZ];
@@ -910,11 +911,11 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
                free(d);
        }
        else
-               snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
-                       dirname, GSSD_DEFAULT_CRED_PREFIX, uid);
+               return 1;
        printerr(2, "using %s as credentials cache for client with "
                    "uid %u for server %s\n", buf, uid, servername);
        gssd_set_krb5_ccache_name(buf);
+       return 0;
 }
 
 /*
index 431fdaf..addae1c 100644 (file)
@@ -17,7 +17,7 @@ struct gssd_k5_kt_princ {
 };
 
 
-void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername,
+int gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername,
                                     char *dirname);
 int  gssd_get_krb5_machine_cred_list(char ***list);
 void gssd_free_krb5_machine_cred_list(char **list);