Re: gssd picking wrong creds

On 07/03/2010 11:30 PM, Doug Nazar wrote:
>  I'm running rpc.gssd with the -n option. Noticed that with the new
> version it's now creating the machine cache file which is also owned by
> root so when it scans the cache files it matches the root user and then
> depending on the timestamp it can grab the wrong file.
> 
> Doug
> 
> 
> nfs-utils-ignore-machine-cred.diff
> 

Committed...

steved.

> 
> commit 891bf46cd23dbbb24188456aad29ac0ead2bc31f
> Author: Doug Nazar <nazard.michi@xxxxxxxxx>
> Date:   Sat Jul 3 23:12:27 2010 -0400
> 
>     When not using machine credentials for root, if the machine
>     credential cache file is newer than the root credential file
>     the wrong file will get picked. Ignore the machine file in this
>     case.
> 
> diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
> index dccbeb6..d23654f 100644
> --- a/utils/gssd/krb5_util.c
> +++ b/utils/gssd/krb5_util.c
> @@ -224,6 +224,13 @@ gssd_find_existing_krb5_ccache(uid_t uid, char *dirname, struct dirent **d)
>  				free(namelist[i]);
>  				continue;
>  			}
> +			if (uid == 0 && !root_uses_machine_creds && 
> +				strstr(namelist[i]->d_name, "_machine_")) {
> +				printerr(3, "CC file '%s' not available to root\n",
> +					 statname);
> +				free(namelist[i]);
> +				continue;
> +			}
>  			if (!query_krb5_ccache(buf, &princname, &realm)) {
>  				printerr(3, "CC file '%s' is expired or corrupt\n",
>  					 statname);
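Review bot: the `strstr(namelist[i]->d_name, "_machine_")` test in the added block matches the literal anywhere in the file name, so it skips any cache in the directory whose name happens to contain that substring, and it silently stops filtering if the machine cache naming ever changes. Consider comparing against the same name pattern gssd uses when it writes the machine cache, anchored at the position where that pattern occurs, rather than repeating the string here. The log text "CC file '%s' not available to root" would be easier to act on if it said the file was skipped because it is the machine credential cache and root is not using machine credentials. A one-line comment above the check explaining the `uid == 0 && !root_uses_machine_creds` condition would also help, and the first added line has trailing whitespace after `&&`.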