* nfs-utils patches for nfsv4.0 callbacks
@ 2013-09-19 20:57 J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
                   ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs

NFSv4.0 callbacks over krb5 have been broken for a while.  With the
following three patches I've at least witnessed a successful null
callback.

--b.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 1/3] gssd: fix strncmp bug causing client removals
  2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields
@ 2013-09-19 20:57 ` J. Bruce Fields
  2013-09-19 21:00   ` J. Bruce Fields
  2013-09-19 21:03   ` [PATCHv2 " J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields
  2 siblings, 2 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, root, J. Bruce Fields

From: root <root@pip4.fieldses.org>

Both dirname and pdir are null-terminated strings, so there's no reason
I can see for the strncmp.

And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb"
directories!  The results were callback clients being removed
immediately after creation, when lack of a client with the corresponding
name under "nfsd" led gssd to believe it had disappeared from
"nfsd4_cb".

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 2d3dbec..0383883 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir)
 		/* only compare entries in the global list that are from the
 		 * same pipefs parent directory as "pdir"
 		 */
-		if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue;
+		if (strcmp(clp->dirname, pdir) != 0) continue;
 
 		stillhere = 0;
 		for (i=0; i < size; i++) {
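Review bot: the replacement `strcmp(clp->dirname, pdir)` only selects clients whose dirname is byte-for-byte equal to pdir, while the comment directly above it describes entries that are "from the same pipefs parent directory as pdir". If clp->dirname holds the client's own directory (parent plus client name), this test never matches, every client hits `continue`, and the stillhere scan below never runs, so stale clients are no longer removed at all. A prefix compare that also requires `clp->dirname[strlen(pdir)] == '/'` would still tell "nfsd" from "nfsd4_cb" without depending on what dirname stores; otherwise please confirm that dirname is the parent path and say so in the comment.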
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread
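
The prefix collision described in the commit message of patch 1/3 above, as an added example that is not part of the thread or of nfs-utils: a constructed model of the stale-client scan, run with the pre-patch prefix test, the patched exact test, and a component-aware prefix test. It assumes each client records its own directory as `<parent>/<client>`; the struct, the function names and the paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not gssd's code. Assumption: each tracked client
 * stores the path of its own directory, "<parent>/<client>". */
struct client { const char *dirname; };

typedef int (*match_fn)(const char *dirname, const char *pdir);

/* Pre-patch test: raw prefix compare, blind to path components. */
static int match_prefix(const char *dirname, const char *pdir)
{
	return strncmp(dirname, pdir, strlen(pdir)) == 0;
}

/* Patched test: whole-string equality. */
static int match_exact(const char *dirname, const char *pdir)
{
	return strcmp(dirname, pdir) == 0;
}

/* Component-aware prefix: pdir must end at '/' or at the end of dirname. */
static int match_component(const char *dirname, const char *pdir)
{
	size_t n = strlen(pdir);

	if (strncmp(dirname, pdir, n) != 0)
		return 0;
	return dirname[n] == '/' || dirname[n] == '\0';
}

/* One scan of pdir: a client that matches pdir but whose path is not
 * "<pdir>/<name>" for any listed name is treated as gone.
 * Returns the number of clients that would be removed. */
static int count_removed(match_fn match, const struct client *clients,
			 int nclients, const char *pdir,
			 const char **listing, int nlisted)
{
	char fname[256];
	int removed = 0;

	for (int c = 0; c < nclients; c++) {
		int stillhere = 0;

		if (!match(clients[c].dirname, pdir))
			continue;
		for (int i = 0; i < nlisted; i++) {
			snprintf(fname, sizeof(fname), "%s/%s", pdir, listing[i]);
			if (strcmp(clients[c].dirname, fname) == 0) {
				stillhere = 1;
				break;
			}
		}
		if (!stillhere)
			removed++;
	}
	return removed;
}

/* Constructed sample state: one callback client, one regular client. */
static const struct client sample[] = {
	{ "rpc_pipefs/nfsd4_cb/clnt0" },
	{ "rpc_pipefs/nfsd/clnt1" },
};
static const char *nfsd_listing[] = { "clnt1" };

/* Scan of ".../nfsd" while clnt1 still exists: nothing should go. */
static int removed_live(match_fn match)
{
	return count_removed(match, sample, 2, "rpc_pipefs/nfsd", nfsd_listing, 1);
}

/* Scan of ".../nfsd" after clnt1 vanished: only clnt1 should go. */
static int removed_after_exit(match_fn match)
{
	return count_removed(match, sample, 2, "rpc_pipefs/nfsd", nfsd_listing, 0);
}

int main(void)
{
	printf("prefix:    live=%d gone=%d\n", removed_live(match_prefix), removed_after_exit(match_prefix));
	printf("exact:     live=%d gone=%d\n", removed_live(match_exact), removed_after_exit(match_exact));
	printf("component: live=%d gone=%d\n", removed_live(match_component), removed_after_exit(match_component));
	return 0;
}
```

Under the assumed layout the exact compare never selects a client, so it is the right test only when the stored string is the parent directory itself.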

* [PATCH 2/3] gssd: don't use tgtname to find our keytab
  2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
@ 2013-09-19 20:57 ` J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields
  2 siblings, 0 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, J. Bruce Fields

From: "J. Bruce Fields" <bfields@redhat.com>

The tgtname is of the form service@hostname.  It's not a hostname, and
attempting to look it up here just causes failure of any upcall with a
"target=" field (currently, any upcall on behalf of an nfsv4.0
callback).

I think the theory was that knowing that target= name might help pick
the right keytab, but I don't really know if that's helpful.  For now,
just stop trying to do this.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c |  3 +--
 utils/gssd/krb5_util.c | 10 +++-------
 utils/gssd/krb5_util.h |  3 +--
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 0383883..7200a78 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			int success = 0;
 			do {
 				gssd_refresh_krb5_machine_credential(clp->servername,
-								     NULL, service,
-								     tgtname);
+								     NULL, service);
 				/*
 				 * Get a list of credential cache names and try each
 				 * of them until one works or we've tried them all
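Review bot: the call to gssd_refresh_krb5_machine_credential() in this hunk still discards its return value, whereas the caller in gssd_get_krb5_machine_cred_list() stores it in retval and skips the entry on failure. Checking the result here as well would let the upcall fail early instead of walking the credential cache list after a failed refresh.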
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 83b9651..c6e52fd 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
 		if (ple->ccname) {
 			/* Make sure cred is up-to-date before returning it */
 			retval = gssd_refresh_krb5_machine_credential(NULL, ple,
-				NULL, NULL);
+				NULL);
 			if (retval)
 				continue;
 			if (i + 1 > listsize) {
@@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void)
 int
 gssd_refresh_krb5_machine_credential(char *hostname,
 				     struct gssd_k5_kt_princ *ple, 
-					 char *service,
-					 char *tgtname)
+					 char *service)
 {
 	krb5_error_code code = 0;
 	krb5_context context;
@@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
 	if (ple == NULL) {
 		krb5_keytab_entry kte;
 
-		if (tgtname == NULL)
-			tgtname = hostname;
-
-		code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
+		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
 		if (code) {
 			printerr(0, "ERROR: %s: no usable keytab entry found "
 				 "in keytab %s for connection with host %s\n",
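Review bot: with the `tgtname == NULL` fallback removed, find_keytab_entry() in the `ple == NULL` branch receives hostname unconditionally, and nothing in this hunk rejects a NULL hostname. The two callers visible in this patch pass either a hostname with a NULL ple or a NULL hostname with a non-NULL ple, so the combination does not occur today, but an explicit check, or a comment stating that hostname must be non-NULL when ple is NULL, would keep it that way.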
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index eed1294..3f0723e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
 void gssd_destroy_krb5_machine_creds(void);
 int  gssd_refresh_krb5_machine_credential(char *hostname,
 					  struct gssd_k5_kt_princ *ple, 
-					  char *service,
-					  char *tgtname);
+					  char *service);
 char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
 void gssd_k5_get_default_realm(char **def_realm);
 
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* [PATCH 3/3] gssd: let tgtname override clp->servicename
  2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
  2013-09-19 20:57 ` [PATCH 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
@ 2013-09-19 20:57 ` J. Bruce Fields
  2 siblings, 0 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, root, J. Bruce Fields

From: root <root@pip4.fieldses.org>

When the kernel provides an explicit "target=" name in the upcall, that
should override the name in clp->servicename.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 7200a78..e58c341 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -822,6 +822,7 @@ set_port:
  */
 static int
 create_auth_rpc_client(struct clnt_info *clp,
+		       char *tgtname,
 		       CLIENT **clnt_return,
 		       AUTH **auth_return,
 		       uid_t uid,
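Review bot: the new `char *tgtname` parameter is added without any documentation in the block comment that closes just above the function. Please state there that it is the "target=" name from the upcall, that it may be NULL, and that NULL means clp->servicename is used, since every caller in process_krb5_upcall() now passes it straight through.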
@@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp,
 			 clnt_spcreateerror(rpc_errmsg));
 		goto out_fail;
 	}
+	if (!tgtname)
+		tgtname = clp->servicename;
 
-	printerr(2, "creating context with server %s\n", clp->servicename);
-	auth = authgss_create_default(rpc_clnt, clp->servicename, &sec);
+	printerr(2, "creating context with server %s\n", tgtname);
+	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
 	if (!auth) {
 		/* Our caller should print appropriate message */
 		printerr(2, "WARNING: Failed to create krb5 context for "
 			    "user with uid %d for server %s\n",
-			 uid, clp->servername);
+			 uid, tgtname);
 		goto out_fail;
 	}
 
@@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 		/* Try first to acquire credentials directly via GSSAPI */
 		err = gssd_acquire_user_cred(uid, &gss_cred);
 		if (!err)
-			create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+			create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
 							     AUTHTYPE_KRB5, gss_cred);
 		/* if create_auth_rplc_client fails try the traditional method of
 		 * trolling for credentials */
@@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			if (err == -EKEYEXPIRED)
 				downcall_err = -EKEYEXPIRED;
 			else if (!err)
-				create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+				create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
 							     AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL);
 		}
 	}
@@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 				}
 				for (ccname = credlist; ccname && *ccname; ccname++) {
 					gssd_setup_krb5_machine_gss_ccache(*ccname);
-					if ((create_auth_rpc_client(clp, &rpc_clnt,
+					if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt,
 								    &auth, uid,
 								    AUTHTYPE_KRB5,
 								    GSS_C_NO_CREDENTIAL)) == 0) {
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* Re: [PATCH 1/3] gssd: fix strncmp bug causing client removals
  2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
@ 2013-09-19 21:00   ` J. Bruce Fields
  2013-09-19 21:03   ` [PATCHv2 " J. Bruce Fields
  1 sibling, 0 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 21:00 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: steved, linux-nfs

On Thu, Sep 19, 2013 at 04:57:17PM -0400, J. Bruce Fields wrote:
> From: root <root@pip4.fieldses.org>

Ugh, sorry.  I'll just resend all three of these with the authors fixed.

--b.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCHv2 1/3] gssd: fix strncmp bug causing client removals
  2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
  2013-09-19 21:00   ` J. Bruce Fields
@ 2013-09-19 21:03   ` J. Bruce Fields
  2013-09-19 21:03     ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
                       ` (2 more replies)
  1 sibling, 3 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, J. Bruce Fields

From: "J. Bruce Fields" <bfields@redhat.com>

Both dirname and pdir are null-terminated strings, so there's no reason
I can see for the strncmp.

And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb"
directories!  The results were callback clients being removed
immediately after creation, when lack of a client with the corresponding
name under "nfsd" led gssd to believe it had disappeared from
"nfsd4_cb".

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 2d3dbec..0383883 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir)
 		/* only compare entries in the global list that are from the
 		 * same pipefs parent directory as "pdir"
 		 */
-		if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue;
+		if (strcmp(clp->dirname, pdir) != 0) continue;
 
 		stillhere = 0;
 		for (i=0; i < size; i++) {
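Review bot: the comment above the changed line still does not say that the match has to be exact, so nothing stops a later cleanup from turning it back into a prefix compare. A sentence naming the "nfsd" / "nfsd4_cb" pair from the commit message would record the reason. While the line is being touched, `continue` could also move to its own line.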
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* [PATCHv2 2/3] gssd: don't use tgtname to find our keytab
  2013-09-19 21:03   ` [PATCHv2 " J. Bruce Fields
@ 2013-09-19 21:03     ` J. Bruce Fields
  2013-09-24 19:17       ` Steve Dickson
  2013-09-19 21:03     ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields
  2013-09-24 19:17     ` [PATCHv2 1/3] gssd: fix strncmp bug causing client removals Steve Dickson
  2 siblings, 1 reply; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, J. Bruce Fields

From: "J. Bruce Fields" <bfields@redhat.com>

The tgtname is of the form service@hostname.  It's not a hostname, and
attempting to look it up here just causes failure of any upcall with a
"target=" field (currently, any upcall on behalf of an nfsv4.0
callback).

I think the theory was that knowing that target= name might help pick
the right keytab, but I don't really know if that's helpful.  For now,
just stop trying to do this.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c |  3 +--
 utils/gssd/krb5_util.c | 10 +++-------
 utils/gssd/krb5_util.h |  3 +--
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 0383883..7200a78 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			int success = 0;
 			do {
 				gssd_refresh_krb5_machine_credential(clp->servername,
-								     NULL, service,
-								     tgtname);
+								     NULL, service);
 				/*
 				 * Get a list of credential cache names and try each
 				 * of them until one works or we've tried them all
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 83b9651..c6e52fd 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
 		if (ple->ccname) {
 			/* Make sure cred is up-to-date before returning it */
 			retval = gssd_refresh_krb5_machine_credential(NULL, ple,
-				NULL, NULL);
+				NULL);
 			if (retval)
 				continue;
 			if (i + 1 > listsize) {
@@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void)
 int
 gssd_refresh_krb5_machine_credential(char *hostname,
 				     struct gssd_k5_kt_princ *ple, 
-					 char *service,
-					 char *tgtname)
+					 char *service)
 {
 	krb5_error_code code = 0;
 	krb5_context context;
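Review bot: style point on the definition's parameter list: the surviving `char *service)` line is indented to a different column than the `struct gssd_k5_kt_princ *ple, ` line above it, and that line still carries a trailing space. Since the parameter list is being rewritten anyway, aligning `service` under `ple`, as the prototype in krb5_util.h does, and dropping the trailing whitespace would tidy both.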
@@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
 	if (ple == NULL) {
 		krb5_keytab_entry kte;
 
-		if (tgtname == NULL)
-			tgtname = hostname;
-
-		code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
+		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
 		if (code) {
 			printerr(0, "ERROR: %s: no usable keytab entry found "
 				 "in keytab %s for connection with host %s\n",
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index eed1294..3f0723e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
 void gssd_destroy_krb5_machine_creds(void);
 int  gssd_refresh_krb5_machine_credential(char *hostname,
 					  struct gssd_k5_kt_princ *ple, 
-					  char *service,
-					  char *tgtname);
+					  char *service);
 char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
 void gssd_k5_get_default_realm(char **def_realm);
 
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* [PATCHv2 3/3] gssd: let tgtname override clp->servicename
  2013-09-19 21:03   ` [PATCHv2 " J. Bruce Fields
  2013-09-19 21:03     ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
@ 2013-09-19 21:03     ` J. Bruce Fields
  2013-09-24 19:17       ` Steve Dickson
  2013-09-24 19:17     ` [PATCHv2 1/3] gssd: fix strncmp bug causing client removals Steve Dickson
  2 siblings, 1 reply; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw)
  To: steved; +Cc: linux-nfs, J. Bruce Fields

From: "J. Bruce Fields" <bfields@redhat.com>

When the kernel provides an explicit "target=" name in the upcall, that
should override the name in clp->servicename.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 7200a78..e58c341 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -822,6 +822,7 @@ set_port:
  */
 static int
 create_auth_rpc_client(struct clnt_info *clp,
+		       char *tgtname,
 		       CLIENT **clnt_return,
 		       AUTH **auth_return,
 		       uid_t uid,
@@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp,
 			 clnt_spcreateerror(rpc_errmsg));
 		goto out_fail;
 	}
+	if (!tgtname)
+		tgtname = clp->servicename;
 
-	printerr(2, "creating context with server %s\n", clp->servicename);
-	auth = authgss_create_default(rpc_clnt, clp->servicename, &sec);
+	printerr(2, "creating context with server %s\n", tgtname);
+	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
 	if (!auth) {
 		/* Our caller should print appropriate message */
 		printerr(2, "WARNING: Failed to create krb5 context for "
 			    "user with uid %d for server %s\n",
-			 uid, clp->servername);
+			 uid, tgtname);
 		goto out_fail;
 	}
 
@@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 		/* Try first to acquire credentials directly via GSSAPI */
 		err = gssd_acquire_user_cred(uid, &gss_cred);
 		if (!err)
-			create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+			create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
 							     AUTHTYPE_KRB5, gss_cred);
 		/* if create_auth_rplc_client fails try the traditional method of
 		 * trolling for credentials */
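Review bot: the added call in this hunk is a single line of roughly 97 columns with 8-column tabs; please wrap it after `tgtname,` the way the call in the credential-cache loop further down is wrapped. The context comment right below it also misspells the function as create_auth_rplc_client, which is worth fixing in the same pass.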
@@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			if (err == -EKEYEXPIRED)
 				downcall_err = -EKEYEXPIRED;
 			else if (!err)
-				create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+				create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
 							     AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL);
 		}
 	}
@@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 				}
 				for (ccname = credlist; ccname && *ccname; ccname++) {
 					gssd_setup_krb5_machine_gss_ccache(*ccname);
-					if ((create_auth_rpc_client(clp, &rpc_clnt,
+					if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt,
 								    &auth, uid,
 								    AUTHTYPE_KRB5,
 								    GSS_C_NO_CREDENTIAL)) == 0) {
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* Re: [PATCHv2 1/3] gssd: fix strncmp bug causing client removals
  2013-09-19 21:03   ` [PATCHv2 " J. Bruce Fields
  2013-09-19 21:03     ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
  2013-09-19 21:03     ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields
@ 2013-09-24 19:17     ` Steve Dickson
  2 siblings, 0 replies; 11+ messages in thread
From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: linux-nfs



On 19/09/13 17:03, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> Both dirname and pdir are null-terminated strings, so there's no reason
> I can see for the strncmp.
> 
> And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb"
> directories!  The results were callback clients being removed
> immediately after creation, when lack of a client with the corresponding
> name under "nfsd" led gssd to believe it had disappeared from
> "nfsd4_cb".
> 
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Committed...

steved.

> ---
>  utils/gssd/gssd_proc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index 2d3dbec..0383883 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir)
>  		/* only compare entries in the global list that are from the
>  		 * same pipefs parent directory as "pdir"
>  		 */
> -		if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue;
> +		if (strcmp(clp->dirname, pdir) != 0) continue;
>  
>  		stillhere = 0;
>  		for (i=0; i < size; i++) {
> 

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCHv2 2/3] gssd: don't use tgtname to find our keytab
  2013-09-19 21:03     ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields
@ 2013-09-24 19:17       ` Steve Dickson
  0 siblings, 0 replies; 11+ messages in thread
From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: linux-nfs



On 19/09/13 17:03, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> The tgtname is of the form service@hostname.  It's not a hostname, and
> attempting to look it up here just causes failure of any upcall with a
> "target=" field (currently, any upcall on behalf of an nfsv4.0
> callback).
> 
> I think the theory was that knowing that target= name might help pick
> the right keytab, but I don't really know if that's helpful.  For now,
> just stop trying to do this.
> 
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Committed....

steved.

> ---
>  utils/gssd/gssd_proc.c |  3 +--
>  utils/gssd/krb5_util.c | 10 +++-------
>  utils/gssd/krb5_util.h |  3 +--
>  3 files changed, 5 insertions(+), 11 deletions(-)
> 
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index 0383883..7200a78 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
>  			int success = 0;
>  			do {
>  				gssd_refresh_krb5_machine_credential(clp->servername,
> -								     NULL, service,
> -								     tgtname);
> +								     NULL, service);
>  				/*
>  				 * Get a list of credential cache names and try each
>  				 * of them until one works or we've tried them all
> diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
> index 83b9651..c6e52fd 100644
> --- a/utils/gssd/krb5_util.c
> +++ b/utils/gssd/krb5_util.c
> @@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
>  		if (ple->ccname) {
>  			/* Make sure cred is up-to-date before returning it */
>  			retval = gssd_refresh_krb5_machine_credential(NULL, ple,
> -				NULL, NULL);
> +				NULL);
>  			if (retval)
>  				continue;
>  			if (i + 1 > listsize) {
> @@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void)
>  int
>  gssd_refresh_krb5_machine_credential(char *hostname,
>  				     struct gssd_k5_kt_princ *ple, 
> -					 char *service,
> -					 char *tgtname)
> +					 char *service)
>  {
>  	krb5_error_code code = 0;
>  	krb5_context context;
> @@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
>  	if (ple == NULL) {
>  		krb5_keytab_entry kte;
>  
> -		if (tgtname == NULL)
> -			tgtname = hostname;
> -
> -		code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
> +		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
>  		if (code) {
>  			printerr(0, "ERROR: %s: no usable keytab entry found "
>  				 "in keytab %s for connection with host %s\n",
> diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
> index eed1294..3f0723e 100644
> --- a/utils/gssd/krb5_util.h
> +++ b/utils/gssd/krb5_util.h
> @@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
>  void gssd_destroy_krb5_machine_creds(void);
>  int  gssd_refresh_krb5_machine_credential(char *hostname,
>  					  struct gssd_k5_kt_princ *ple, 
> -					  char *service,
> -					  char *tgtname);
> +					  char *service);
>  char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
>  void gssd_k5_get_default_realm(char **def_realm);
>  
> 

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCHv2 3/3] gssd: let tgtname override clp->servicename
  2013-09-19 21:03     ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields
@ 2013-09-24 19:17       ` Steve Dickson
  0 siblings, 0 replies; 11+ messages in thread
From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw)
  To: J. Bruce Fields; +Cc: linux-nfs



On 19/09/13 17:03, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
> 
> When the kernel provides an explicit "target=" name in the upcall, that
> should override the name in clp->servicename.
> 
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Committed...

steved.

> ---
>  utils/gssd/gssd_proc.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index 7200a78..e58c341 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -822,6 +822,7 @@ set_port:
>   */
>  static int
>  create_auth_rpc_client(struct clnt_info *clp,
> +		       char *tgtname,
>  		       CLIENT **clnt_return,
>  		       AUTH **auth_return,
>  		       uid_t uid,
> @@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp,
>  			 clnt_spcreateerror(rpc_errmsg));
>  		goto out_fail;
>  	}
> +	if (!tgtname)
> +		tgtname = clp->servicename;
>  
> -	printerr(2, "creating context with server %s\n", clp->servicename);
> -	auth = authgss_create_default(rpc_clnt, clp->servicename, &sec);
> +	printerr(2, "creating context with server %s\n", tgtname);
> +	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
>  	if (!auth) {
>  		/* Our caller should print appropriate message */
>  		printerr(2, "WARNING: Failed to create krb5 context for "
>  			    "user with uid %d for server %s\n",
> -			 uid, clp->servername);
> +			 uid, tgtname);
>  		goto out_fail;
>  	}
>  
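Review bot: the fallback `if (!tgtname)` only covers a NULL pointer, so an empty target= string would be handed to authgss_create_default() as the GSS target name instead of falling back to clp->servicename; testing `!tgtname || !*tgtname` closes that. Separately, the warning used to print clp->servername and now prints tgtname under the unchanged text "for server %s", so the logged field changes from a host name to a service@hostname string; either reword it to "for service %s" or log both values.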
> @@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
>  		/* Try first to acquire credentials directly via GSSAPI */
>  		err = gssd_acquire_user_cred(uid, &gss_cred);
>  		if (!err)
> -			create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
> +			create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
>  							     AUTHTYPE_KRB5, gss_cred);
>  		/* if create_auth_rplc_client fails try the traditional method of
>  		 * trolling for credentials */
> @@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
>  			if (err == -EKEYEXPIRED)
>  				downcall_err = -EKEYEXPIRED;
>  			else if (!err)
> -				create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
> +				create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid,
>  							     AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL);
>  		}
>  	}
> @@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
>  				}
>  				for (ccname = credlist; ccname && *ccname; ccname++) {
>  					gssd_setup_krb5_machine_gss_ccache(*ccname);
> -					if ((create_auth_rpc_client(clp, &rpc_clnt,
> +					if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt,
>  								    &auth, uid,
>  								    AUTHTYPE_KRB5,
>  								    GSS_C_NO_CREDENTIAL)) == 0) {
> 

^ permalink raw reply	[flat|nested] 11+ messages in thread
