From: Nalin Dahyabhai <nalin@redhat.com>
To: linux-nfs@vger.kernel.org
Subject: [PATCH 2/2] Use /run/user/${UID} instead of /run/user/${USER}
Date: Tue, 21 Aug 2012 16:52:32 -0400 [thread overview]
Message-ID: <20120821205232.GE9511@redhat.com> (raw)
Newer versions of systemd create a /run/user/${UID} directory
instead of the /run/user/${USER} directory, so switch to
scanning for that. To make the per-user directory bit a little
less magical, change the default to incorporate a "%U", which
gets dynamically expanded to the user's UID when needed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
---
utils/gssd/gssd.h | 2 +-
utils/gssd/gssd.man | 9 ++++++---
utils/gssd/gssd_proc.c | 36 ++----------------------------------
utils/gssd/krb5_util.c | 30 ++++++++++++++++++++++++++----
4 files changed, 35 insertions(+), 42 deletions(-)
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
index 1d923d7..86472a1 100644
--- a/utils/gssd/gssd.h
+++ b/utils/gssd/gssd.h
@@ -45,7 +45,7 @@
#define DNOTIFY_SIGNAL (SIGRTMIN + 3)
#define GSSD_DEFAULT_CRED_DIR "/tmp"
-#define GSSD_USER_CRED_DIR "/run/user"
+#define GSSD_USER_CRED_DIR "/run/user/%U"
#define GSSD_DEFAULT_CRED_PREFIX "krb5cc"
#define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine"
#define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab"
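Review bot: GSSD_USER_CRED_DIR is now a pattern containing "%U" rather than a literal directory, but nothing at the definition says so, and the gssd_proc.c hunk in this patch removes the strncmp() that used to compare search entries against it. A comment on the define, `/* "%U" is replaced with the UID of the user whose credentials are being looked up */`, would stop a later reader from treating the value as a path. If any other code still uses this macro as a plain directory name (not visible here), it would need the same expansion.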
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index d8138fa..c74b7e8 100644
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -103,9 +103,12 @@ where to look for the rpc_pipefs filesystem. The default value is
.B -d directory
Tells
.B rpc.gssd
-where to look for Kerberos credential files. The default value is "/tmp".
-This can also be a colon separated list of directories to be searched
-for Kerberos credential files. Note that if machine credentials are being
+where to look for Kerberos credential files. The default value is
+"/tmp:/run/user/%U".
+This can also be a colon separated list of directories to be searched for
+Kerberos credential files. The sequence "%U", if used, is replaced with
+the UID of the user for whom credentials are being searched.
+Note that if machine credentials are being
stored in files, then the first directory on this list is where the
machine credentials are stored.
.TP
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e393d59..336f3e9 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -937,23 +937,6 @@ int create_auth_rpc_client(struct clnt_info *clp,
goto out;
}
-static char *
-user_cachedir(char *dirname, uid_t uid)
-{
- struct passwd *pw;
- char *ptr;
-
- if ((pw = getpwuid(uid)) == NULL) {
- printerr(0, "user_cachedir: Failed to find '%d' uid"
- " for cache directory\n");
- return NULL;
- }
- ptr = malloc(strlen(dirname)+strlen(pw->pw_name)+2);
- if (ptr)
- sprintf(ptr, "%s/%s", dirname, pw->pw_name);
-
- return ptr;
-}
/*
* this code uses the userland rpcsec gss library to create a krb5
* context on behalf of the kernel
@@ -968,7 +951,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
gss_buffer_desc token;
char **credlist = NULL;
char **ccname;
- char **dirname, *dir, *userdir;
+ char **dirname;
int create_resp = -1;
int err, downcall_err = -EACCES;
@@ -1011,22 +994,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
service == NULL)) {
/* Tell krb5 gss which credentials cache to use */
for (dirname = ccachesearch; *dirname != NULL; dirname++) {
- /* See if the user name is needed */
- if (strncmp(*dirname, GSSD_USER_CRED_DIR,
- strlen(GSSD_USER_CRED_DIR)) == 0) {
- userdir = user_cachedir(*dirname, uid);
- if (userdir == NULL)
- continue;
- dir = userdir;
- } else
- dir = *dirname;
-
- err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, dir);
-
- if (userdir) {
- free(userdir);
- userdir = NULL;
- }
+ err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
if (err == -EKEYEXPIRED)
downcall_err = -EKEYEXPIRED;
else if (!err)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 2389276..60ba594 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1036,16 +1036,38 @@ err_cache:
* Returns 0 if a ccache was found, and a non-zero error code otherwise.
*/
int
-gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirname)
+gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername, char *dirpattern)
{
- char buf[MAX_NETOBJ_SZ];
+ char buf[MAX_NETOBJ_SZ], dirname[PATH_MAX];
const char *cctype;
struct dirent *d;
- int err;
+ int err, i, j;
printerr(2, "getting credentials for client with uid %u for "
"server %s\n", uid, servername);
- memset(buf, 0, sizeof(buf));
+
+ for (i = 0, j = 0; dirpattern[i] != '\0'; i++) {
+ switch (dirpattern[i]) {
+ case '%':
+ switch (dirpattern[i + 1]) {
+ case '%':
+ dirname[j++] = dirpattern[i];
+ i++;
+ break;
+ case 'U':
+ j += sprintf(dirname + j, "%lu",
+ (unsigned long) uid);
+ i++;
+ break;
+ }
+ break;
+ default:
+ dirname[j++] = dirpattern[i];
+ break;
+ }
+ }
+ dirname[j] = '\0';
+
err = gssd_find_existing_krb5_ccache(uid, dirname, &cctype, &d);
if (err)
return err;
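Review bot: The expansion loop writes into `dirname[PATH_MAX]` with no bounds check: `dirpattern` comes from the `-d` command-line list and each `%U` grows by up to 20 digits via `sprintf`, so a pattern near or over PATH_MAX overflows the stack buffer. The inner `switch` also has no `default`, so a `%` followed by anything other than `%` or `U` (including a trailing `%`) is silently dropped rather than reported or kept. The rewrite below bounds every write with `snprintf`, keeps unknown `%` sequences literally, and returns `-ENAMETOOLONG` on truncation, which fits the negative-errno convention the caller already checks with `-EKEYEXPIRED`. The removal of `memset(buf, 0, sizeof(buf))` may be fine, but `buf`'s later use is outside the hunk, so it is worth confirming nothing relied on it being zeroed. The rest of gssd_setup_krb5_user_gss_ccache continues past the end of the hunk.
```c
	for (i = 0, j = 0; dirpattern[i] != '\0'; i++) {
		int n;

		if (dirpattern[i] == '%' && dirpattern[i + 1] == 'U') {
			n = snprintf(dirname + j, sizeof(dirname) - j, "%lu",
				     (unsigned long) uid);
			i++;
		} else {
			/* "%%" is a literal '%'; any other '%' is kept as-is */
			if (dirpattern[i] == '%' && dirpattern[i + 1] == '%')
				i++;
			n = snprintf(dirname + j, sizeof(dirname) - j, "%c",
				     dirpattern[i]);
		}
		if (n < 0 || (size_t) n >= sizeof(dirname) - j) {
			printerr(0, "credential cache directory '%s' is too long\n",
				 dirpattern);
			return -ENAMETOOLONG;
		}
		j += n;
	}
	dirname[j] = '\0';
	/* … unchanged: gssd_find_existing_krb5_ccache() call and the rest … */
```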
--
1.7.11.5