From: neilbrown
Date: Tue, 28 Mar 2006 00:50:03 +0000 (+0000)
Subject: Add option to specify directory to search for credentials cache files
X-Git-Tag: nfs-utils-1-0-8~14
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=commitdiff_plain;h=a6037e23a8c9d649bf5946ac9d23114f9097b997;hp=804a7ea8bffb1b26a0e8632eb8fb61ef30cdbf68
Add option to specify directory to search for credentials cache files
From: Vince Busam
Signed-off-by: Kevin Coffman
Add command line option to specify which directory should be searched to find credentials caches. (really this time)
---
diff --git a/ChangeLog b/ChangeLog
index 663fa5b..437660a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2006-03-28 kwc@citi.umich.edu
+ Add option to specify directory to search for credentials cache files
+
+
+ From: Vince Busam
+ Signed-off-by: Kevin Coffman
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+ (really this time)
+
 2006-03-28 kwc@citi.umich.edu
 Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index 8031d48..8e9c72a 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -55,6 +55,7 @@
 char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR;
 char keytabfile[PATH_MAX] = GSSD_DEFAULT_KEYTAB_FILE;
+char ccachedir[PATH_MAX] = GSSD_DEFAULT_CRED_DIR;
 void
 sig_die(int signal)
@@ -76,7 +77,7 @@ sig_hup(int signal)
 static void
 usage(char *progname)
 {
- fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab]\n",
+ fprintf(stderr, "usage: %s [-f] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir]\n",
 progname);
 exit(1);
 }
@@ -91,7 +92,7 @@ main(int argc, char *argv[])
 extern char *optarg;
 char *progname;
- while ((opt = getopt(argc, argv, "fvrmp:k:")) != -1) {
+ while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) {
 switch (opt) {
 case 'f':
 fg = 1;
@@ -115,6 +116,11 @@ main(int argc, char *argv[])
 if (keytabfile[sizeof(keytabfile)-1] != '\0')
 errx(1, "keytab path name too long");
 break;
+ case 'd':
+ strncpy(ccachedir, optarg, sizeof(ccachedir));
+ if (ccachedir[sizeof(ccachedir-1)] != '\0')
+ errx(1, "ccachedir path name too long");
+ break;
 default:
 usage(argv[0]);
 break;
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index d590401..d60a499 100644
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -60,6 +60,7 @@ enum {AUTHTYPE_KRB5, AUTHTYPE_SPKM3, AUTHTYPE_LIPKEY};
 extern char pipefsdir[PATH_MAX];
 extern char keytabfile[PATH_MAX];
+extern char ccachedir[PATH_MAX];
 TAILQ_HEAD(clnt_list_head, clnt_info) clnt_list;
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index 01404d1..250d26f 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -6,7 +6,7 @@
 .SH NAME
 rpc.gssd \- rpcsec_gss daemon
 .SH SYNOPSIS
-.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r]"
+.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v] [-r] [-d ccachedir]"
 .SH DESCRIPTION
 The rpcsec_gss protocol gives a means of using the gss-api generic security api to provide security for protocols using rpc (in particular, nfs). Before
@@ -48,6 +48,11 @@ Tells where to look for the rpc_pipefs filesystem. The default value is "/var/lib/nfs/rpc_pipefs".
 .TP
+.B -d directory
+Tells
+.B rpc.gssd
+where to look for kerberos credential files. The default value is "/tmp".
+.TP
 .B -v
 Increases the verbosity of the output (can be specified multiple times).
 .TP
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 5f3e490..3030c3f 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
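Review bot: The length check in the new `case 'd':` branch indexes with `sizeof(ccachedir-1)`, which is the size of a `char *` rather than `PATH_MAX - 1`, so it tests `ccachedir[8]` (or `[4]` on a 32-bit build) instead of the last byte of the buffer. Because `strncpy` zero-pads the destination, the check still fails closed, but it rejects every directory argument longer than a pointer's width with "ccachedir path name too long", and it no longer expresses the truncation test it was copied from. The parenthesis should close before the subtraction, as in the keytab check just above it: `if (ccachedir[sizeof(ccachedir)-1] != '\0')`. main() begins and continues outside this hunk.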
@@ -158,7 +158,7 @@ select_krb5_ccache(const struct dirent *d)
 }
 /*
- * Look in the GSSD_DEFAULT_CRED_DIR for files that look like they
+ * Look in the ccachedir for files that look like they
 * are Kerberos Credential Cache files for a given UID. Return
 * non-zero and the dirent pointer for the entry most likely to be
 * what we want. Otherwise, return zero and no dirent pointer.
@@ -179,7 +179,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
 struct stat best_match_stat, tmp_stat;
 *d = NULL;
- n = scandir(GSSD_DEFAULT_CRED_DIR, &namelist, select_krb5_ccache, 0);
+ n = scandir(ccachedir, &namelist, select_krb5_ccache, 0);
 if (n < 0) {
 perror("scandir looking for krb5 credentials caches");
 }
@@ -195,7 +195,7 @@ gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d)
 if (strstr(namelist[i]->d_name, substring) ||
 !strcmp(namelist[i]->d_name, fullstring)) {
 snprintf(statname, sizeof(statname),
- "%s/%s", GSSD_DEFAULT_CRED_DIR,
+ "%s/%s", ccachedir,
 namelist[i]->d_name);
 if (stat(statname, &tmp_stat)) {
 printerr(0, "Error doing stat "
@@ -626,13 +626,12 @@ gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername)
 memset(buf, 0, sizeof(buf));
 if (gssd_find_existing_krb5_ccache(uid, &d)) {
 snprintf(buf, sizeof(buf), "FILE:%s/%s",
- GSSD_DEFAULT_CRED_DIR, d->d_name);
+ ccachedir, d->d_name);
 free(d);
 }
 else
 snprintf(buf, sizeof(buf), "FILE:%s/%s%u",
- GSSD_DEFAULT_CRED_DIR,
- GSSD_DEFAULT_CRED_PREFIX, uid);
+ ccachedir, GSSD_DEFAULT_CRED_PREFIX, uid);
 printerr(2, "using %s as credentials cache for client with "
 "uid %u for server %s\n", buf, uid, servername);
 gssd_set_krb5_ccache_name(buf);
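Review bot: The `snprintf` calls that now take `ccachedir` ignore their return value, both the `statname` build in gssd_find_existing_krb5_ccache and the two `FILE:%s/%s` builds in gssd_setup_krb5_user_gss_ccache, although the directory is no longer a compile-time constant but an operator-supplied string of up to PATH_MAX-1 bytes. The declarations of `statname` and `buf` lie outside these hunks, so their sizes cannot be confirmed from here. If either is not larger than the directory plus the longest file name, a long `-d` value is silently truncated and the daemon stats, or passes to `gssd_set_krb5_ccache_name`, a path other than the credentials cache it selected. Capturing the result and testing `if (len < 0 || (size_t)len >= sizeof(buf))` (likewise for `statname`), then reporting through `printerr` and skipping that entry, would make the failure explicit. Both functions start and end outside the hunks shown.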