| commit | 5df191a5fdad480d00d278c7f5046c6f0b80e386 | |
| author | Jeff Layton <jlayton@redhat.com> | |
| Wed, 14 Oct 2009 14:59:00 +0000 (14 10:59 -0400) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 16 Oct 2009 13:03:38 +0000 (16 15:03 +0200) | ||
| tree | 0ca600d51b1c9369c66e0e1048a34c094044e8a7 | treesnapshot (tar.gz zip) |
| parent | f3b2402a737ff0a7e80a03ade9f57d65dabdc7eb | commitdiff |
cifs.upcall: do a brute-force search for KRB5 credcache
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.
| source3/client/cifs.upcall.c | diffblobblamehistory |