git.samba.org - samba.git/commit

author	Jeff Layton <jlayton@redhat.com>
	Wed, 14 Oct 2009 15:06:23 +0000 (11:06 -0400)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 16 Oct 2009 13:05:02 +0000 (15:05 +0200)
commit	6eacb25d736d47e1b4572aec5a143b15fbed619e
tree	fcbe0e57bc41164cacd3f1f62b6bef4adb60268f	tree
parent	6aa0f05509ec1b8578021051f83627f4ca296ef8	commit \| diff

cifs.upcall: do a brute-force search for KRB5 credcache

A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.

There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.

This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Addresses bug #6810.