summaryrefslogtreecommitdiff
path: root/nsswitch/winbind_nss.h
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2009-09-04 06:29:44 -0400
committerJeff Layton <jlayton@redhat.com>2009-09-04 06:29:44 -0400
commit704b739ad8b5441e4c84215044a77e74e54cf425 (patch)
tree55a1fe799f733387cbf941a083f425c476001bef /nsswitch/winbind_nss.h
parentffd48a79ee34dc90c0f6f16564c3a0de8b53d3d2 (diff)
downloadsamba-704b739ad8b5441e4c84215044a77e74e54cf425.tar.gz
samba-704b739ad8b5441e4c84215044a77e74e54cf425.tar.bz2
samba-704b739ad8b5441e4c84215044a77e74e54cf425.zip
cifs.upcall: do a brute-force search for KRB5 credcache
A few weeks ago, I added some code to cifs.upcall to take the pid sent by the kernel and use that to get the value of the $KRB5CCNAME environment var for the process. That works fine on the initial mount, but could be problematic on reconnect. There's no guarantee on a reconnect that the process that initiates the upcall will have $KRB5CCNAME pointed at the correct credcache. Because of this, the current scheme isn't going to be reliable enough and we need to use something different. This patch replaces that scheme with one very similar to the one used by rpc.gssd in nfs-utils. It searches the credcache dir (currently hardcoded to /tmp) for a valid credcache for the given uid. If it finds one then it uses that as the credentials cache. If it finds more than one, it uses the one with the latest TGT expiration. Signed-off-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'nsswitch/winbind_nss.h')
0 files changed, 0 insertions, 0 deletions