From: Eberhard Kuemmerle <e.kuemmerle@xxxxxxxxxxxxx>
Allow the principal that is used to get the machines creds definable on the command like with the new '-p <principal>'. This is useful in cluster environments.
Signed-off-by: Eberhard Kuemmerle <E.Kuemmerle@xxxxxxxxxxxxx>
Signed-off-by: Steve Dickson <steved@xxxxxxxxxx>
---
 utils/gssd/gss_util.c | 4 ++--
 utils/gssd/gss_util.h | 2 +-
 utils/gssd/gssd.h | 1 -
 utils/gssd/svcgssd.c | 28 ++++++++++++++++++++--------
 4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index 99aceb3..8fe1e9b 100644
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -191,7 +191,7 @@ pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat, const gss_OID mech)
 }
 int
-gssd_acquire_cred(char *server_name)
+gssd_acquire_cred(char *server_name, const gss_OID oid)
 {
 gss_buffer_desc name;
 gss_name_t target_name;
@@ -203,7 +203,7 @@ gssd_acquire_cred(char *server_name)
 name.length = strlen(server_name);
 maj_stat = gss_import_name(&min_stat, &name,
- (const gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
+ oid,
 &target_name);
 if (maj_stat != GSS_S_COMPLETE) {
diff --git a/utils/gssd/gss_util.h b/utils/gssd/gss_util.h
index bfe8c4a..67b3077 100644
--- a/utils/gssd/gss_util.h
+++ b/utils/gssd/gss_util.h
@@ -37,7 +37,7 @@ extern gss_cred_id_t gssd_creds;
-int gssd_acquire_cred(char *server_name);
+int gssd_acquire_cred(char *server_name, const gss_OID oid);
 void pgsserr(char *msg, u_int32_t maj_stat, u_int32_t min_stat, const gss_OID mech);
 int gssd_check_mechs(void);
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index 465c305..b1b5793 100644
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -100,7 +100,6 @@ int update_client_list(void);
 void handle_krb5_upcall(struct clnt_info *clp);
 void handle_spkm3_upcall(struct clnt_info *clp);
 void handle_gssd_upcall(struct clnt_info *clp);
-int gssd_acquire_cred(char *server_name);
 void gssd_run(void);
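Review bot: In utils/gssd/gss_util.c the new `oid` parameter of gssd_acquire_cred() is handed straight to gss_import_name() (second hunk) with no comment on what callers are expected to pass. The name type decides how `server_name` is parsed, and GSS_C_NO_OID would select a mechanism-specific default syntax, so the contract belongs above the definition, e.g. `/* oid: GSS name type used to import server_name (e.g. GSS_C_NT_HOSTBASED_SERVICE); it must match the syntax of the string */`. The function body continues outside both hunks, so what is done with the imported name afterwards is not visible here.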
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index e7375a4..9b463f3 100644
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -167,7 +167,7 @@ sig_hup(int signal)
 static void
 usage(char *progname)
 {
- fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i]\n",
+ fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i] [-p principal]\n",
 progname);
 exit(1);
 }
@@ -180,9 +180,10 @@ main(int argc, char *argv[])
 int verbosity = 0;
 int rpc_verbosity = 0;
 int idmap_verbosity = 0;
- int opt;
+ int opt, status;
 extern char *optarg;
 char *progname;
+ char *principal = NULL;
 while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
 switch (opt) {
@@ -201,6 +202,9 @@ main(int argc, char *argv[])
 case 'r':
 rpc_verbosity++;
 break;
+ case 'p':
+ principal = optarg;
+ break;
 default:
 usage(argv[0]);
 break;
@@ -244,12 +248,20 @@ main(int argc, char *argv[])
 signal(SIGTERM, sig_die);
 signal(SIGHUP, sig_hup);
- if (get_creds && !gssd_acquire_cred(GSSD_SERVICE_NAME)) {
- printerr(0, "unable to obtain root (machine) credentials\n");
- printerr(0, "do you have a keytab entry for "
- "nfs/<your.host>@<YOUR.REALM> in "
- "/etc/krb5.keytab?\n");
- exit(1);
+ if (get_creds) {
+ if (principal)
+ status = gssd_acquire_cred(principal,
+ ((const gss_OID)GSS_C_NT_USER_NAME));
+ else
+ status = gssd_acquire_cred(GSSD_SERVICE_NAME,
+ (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
+ if (status == FALSE) {
+ printerr(0, "unable to obtain root (machine) credentials\n");
+ printerr(0, "do you have a keytab entry for "
+ "nfs/<your.host>@<YOUR.REALM> in "
+ "/etc/krb5.keytab?\n");
+ exit(1);
+ }
 }
 if (!fg)
--
1.7.2.3
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
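Review bot: The `case 'p'` branch in utils/gssd/svcgssd.c (hunk at -201) stores `optarg` without any check or comment on the syntax it expects, while the last hunk imports it as GSS_C_NT_USER_NAME rather than the host-based form used for the default name. An operator who passes a `service@host` style string is likely to have it interpreted differently from what they intend, so the option deserves a comment such as `/* -p takes a full principal name, e.g. nfs/<cluster.name>@<REALM>; it is imported as GSS_C_NT_USER_NAME */`. Rejecting an empty argument here, `if (*optarg == '\0') usage(argv[0]);`, would also give a clearer failure than the generic credential error. main() starts and ends outside this hunk.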
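Review bot: When `-p` is given and gssd_acquire_cred() fails, the `status == FALSE` branch in the last hunk of utils/gssd/svcgssd.c still prints the hint about `nfs/<your.host>@<YOUR.REALM>`, which names a principal the daemon never asked for. Reporting the requested name would make a keytab mismatch diagnosable, e.g. `if (principal) printerr(0, "unable to obtain credentials for principal %s\n", principal);` with the two existing messages kept for the default case; this assumes printerr() accepts printf-style arguments, which the visible calls do not show. `if (!status)` would also match the style of the condition being replaced. main() continues outside the hunk.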