From: Maximilian Wilhelm <max@rfc2324.org>
To: linux-nfs@vger.kernel.org
Subject: [PATCH]: gssd: Fix preferred_realm option handling
Date: Tue, 11 Jun 2013 11:34:03 +0200 [thread overview]
Message-ID: <20130611093403.GB27345@principal.rfc2324.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 338 bytes --]
Hi,
the gssd currently ignores any preferred realm given via the -R
command line option.
The attached patch fixes that behaviour and makes sure the
preferrred_realm is used first when searching for a valid principal
for mount authentication.
I would be happy if you would apply this. This would close bug #235 in
bugzilla.
Thanks
Max
[-- Attachment #2: gssd_fix_preferred_realm.patch --]
[-- Type: text/x-diff, Size: 1347 bytes --]
commit 722bd62d1e6a9d38db57e919d914a371e67d804d
Author: Maximilian Wilhelm <max@rfc2324.org>
Date: Fri May 24 14:46:41 2013 +0200
Fix handling of preferred realm command line option.
The current implementation ignores any preferred realm specified on the
command line. Fix this behaviour and make sure the preferred realm is
used as first realm when trying to acquire a keytab entry.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Frederik Moellers <frederik.moellers@upb.de>
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6275dd8..fb706a8 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -852,11 +852,18 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
}
/*
- * Try the "appropriate" realm first, and if nothing found for that
- * realm, try the default realm (if it hasn't already been tried).
+ * Make sure the preferred_realm (which may have been explicitly set
+ * on the command line, is tried first. If nothing is found go on with
+ * the host and local default realm (if that hasn't already been tried).
*/
i = 0;
realm = realmnames[i];
+
+ if (strcmp (realm, preferred_realm) != 0) {
+ realm = preferred_realm;
+ i = -1;
+ }
+
while (1) {
if (realm == NULL) {
tried_all = 1;
next reply other threads:[~2013-06-11 9:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-11 9:34 Maximilian Wilhelm [this message]
2013-06-11 11:41 ` [PATCH]: gssd: Fix preferred_realm option handling Jim Rees
2013-06-17 17:02 ` Maximilian Wilhelm
2013-06-18 17:14 ` J. Bruce Fields
2013-06-24 17:00 ` Steve Dickson
2013-06-20 19:56 Maximilian Wilhelm
2013-07-01 16:04 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130611093403.GB27345@principal.rfc2324.org \
--to=max@rfc2324.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.