From: Doug Nazar <nazard@nazar.ca>
To: linux-nfs@vger.kernel.org
Subject: [PATCH 07/10] gssd: Lookup local hostname when srchost is '*'
Date: Wed, 1 Jul 2020 14:27:58 -0400 [thread overview]
Message-ID: <20200701182803.14947-8-nazard@nazar.ca> (raw)
In-Reply-To: <20200701182803.14947-1-nazard@nazar.ca>
Currently when we receive a '*' srchost, we scan our keytab for a matching
host but of course none match. We then fall back to scanning for any
service/realm match and eventually find our hostname. Let's lookup our
hostname instead and quickly find our specific match.
Signed-off-by: Doug Nazar <nazard@nazar.ca>
---
utils/gssd/krb5_util.c | 52 ++++++++++++++++++++++--------------------
1 file changed, 27 insertions(+), 25 deletions(-)
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 7908c10f..560e4a87 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -757,6 +757,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
goto out;
}
+ printerr(4, "Scanning keytab for %s/*@%s\n", service, realm);
while ((code = krb5_kt_next_entry(context, kt, kte, &cursor)) == 0) {
if ((code = krb5_unparse_name(context, kte->principal,
&pname))) {
@@ -853,43 +854,44 @@ find_keytab_entry(krb5_context context, krb5_keytab kt,
goto out;
/* Get full local hostname */
- if (srchost) {
+ if (srchost && strcmp(srchost, "*") != 0) {
strcpy(myhostname, srchost);
- } else if (gethostname(myhostname, sizeof(myhostname)) == -1) {
- retval = errno;
- k5err = gssd_k5_err_msg(context, retval);
- printerr(1, "%s while getting local hostname\n", k5err);
- goto out;
+ strcpy(myhostad, myhostname);
+ } else {
+ /* Borrow myhostad for gethostname(), we need it later anyways */
+ if (gethostname(myhostad, sizeof(myhostad)-1) == -1) {
+ retval = errno;
+ k5err = gssd_k5_err_msg(context, retval);
+ printerr(1, "%s while getting local hostname\n", k5err);
+ goto out;
+ }
+ retval = get_full_hostname(myhostad, myhostname, sizeof(myhostname));
+ if (retval) {
+ /* Don't use myhostname */
+ myhostname[0] = 0;
+ }
}
/* Compute the active directory machine name HOST$ */
- krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
+ krb5_appdefault_string(context, "nfs", NULL, "ad_principal_name",
notsetstr, &adhostoverride);
if (strcmp(adhostoverride, notsetstr) != 0) {
- printerr (1,
- "AD host string overridden with \"%s\" from appdefaults\n",
+ printerr (1,
+ "AD host string overridden with \"%s\" from appdefaults\n",
adhostoverride);
- /* No overflow: Windows cannot handle strings longer than 19 chars */
- strcpy(myhostad, adhostoverride);
+ /* No overflow: Windows cannot handle strings longer than 19 chars */
+ strcpy(myhostad, adhostoverride);
} else {
- strcpy(myhostad, myhostname);
- for (i = 0; myhostad[i] != 0; ++i) {
- if (myhostad[i] == '.') break;
- }
- myhostad[i] = '$';
- myhostad[i+1] = 0;
+ /* In this case, it's been pre-filled above */
+ for (i = 0; myhostad[i] != 0; ++i) {
+ if (myhostad[i] == '.') break;
+ }
+ myhostad[i] = '$';
+ myhostad[i+1] = 0;
}
if (adhostoverride)
krb5_free_string(context, adhostoverride);
- if (!srchost) {
- retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
- if (retval) {
- /* Don't use myhostname */
- myhostname[0] = 0;
- }
- }
-
code = krb5_get_default_realm(context, &default_realm);
if (code) {
retval = code;
--
2.26.2
next prev parent reply other threads:[~2020-07-01 18:28 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-01 18:27 [PATCH 00/10] Misc fixes & cleanups for nfs-utils Doug Nazar
2020-07-01 18:27 ` [PATCH 01/10] gssd: Refcount struct clnt_info to protect multithread usage Doug Nazar
2020-07-01 18:27 ` [PATCH 02/10] Update to libevent 2.x apis Doug Nazar
2020-07-01 18:27 ` [PATCH 03/10] gssd: Cleanup on exit to support valgrind Doug Nazar
2020-07-01 18:27 ` [PATCH 04/10] gssd: gssd_k5_err_msg() returns a strdup'd msg. Use free() to release Doug Nazar
2020-07-08 14:50 ` [PATCH 04/10] gssd: gssd_k5_err_msg() returns a ". " Steve Dickson
2020-07-12 20:27 ` Doug Nazar
2020-07-13 18:47 ` Steve Dickson
2020-07-13 22:22 ` Doug Nazar
2020-07-01 18:27 ` [PATCH 05/10] gssd: Fix locking for machine principal list Doug Nazar
2020-07-01 18:27 ` [PATCH 06/10] gssd: Add a few debug statements to help track client_info lifetimes Doug Nazar
2020-07-01 18:27 ` Doug Nazar [this message]
2020-07-01 18:27 ` [PATCH 08/10] gssd: We never use the nocache param of gssd_check_if_cc_exists() Doug Nazar
2020-07-01 18:28 ` [PATCH 09/10] Cleanup printf format attribute handling and fix format strings Doug Nazar
2020-07-01 18:28 ` [PATCH 09/10] Cleanup printf format attribute handling and fix various " Doug Nazar
2020-07-01 18:28 ` [PATCH 09/10] Consolidate " Doug Nazar
2020-07-01 18:28 ` [PATCH 10/10] Fix various clang warnings Doug Nazar
2020-07-14 18:38 ` [PATCH 00/10] Misc fixes & cleanups for nfs-utils Steve Dickson
2020-07-16 6:56 ` Doug Nazar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200701182803.14947-8-nazard@nazar.ca \
--to=nazard@nazar.ca \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).