linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Weiser, Michael" <michael.weiser@atos.net>
To: Pavel Shilovsky <piastryyy@gmail.com>,
	Jacob Shivers <jshivers@redhat.com>
Cc: Leif Sahlberg <lsahlber@redhat.com>, Simo Sorce <simo@redhat.com>,
	"Shyam Prasad N" <nspmangalore@gmail.com>,
	Steve French <smfrench@gmail.com>,
	"The GSS-Proxy developers and users mailing list" 
	<gss-proxy@lists.fedorahosted.org>,
	"linux-cifs@vger.kernel.org" <linux-cifs@vger.kernel.org>,
	"samba-technical@lists.samba.org"
	<samba-technical@lists.samba.org>
Subject: Re: [gssproxy] cifs-utils, Linux cifs kernel client and gssproxy
Date: Tue, 26 Oct 2021 10:08:48 +0000	[thread overview]
Message-ID: <4edcf2fc7ee94b1a8898149bc997ea20@atos.net> (raw)
In-Reply-To: <CAKywueQU8P-XQsiy4x6B=0YjuwUmTzPVg--SY0sWzGuq6Oy_-w@mail.gmail.com>

Hello Pavel,

I've now also had a chance to look at this in more detail. I've done a quick test and
everything still seems to work with the next branch.

> The only concern that I have is the compile warning below. Would
> appreciate it if you provide a fix for that.

FWIW: I do not get that warning either on Fedora 33 with gcc 10.3 and krb5-1.18.2-29.fc33
nor on Debian testing as of today with gcc 10.3 and krb5-1.18.3-7 nor on Gentoo
with gcc-11.2.0 and mit-krb5-1.19.2. But I do see that gssproxy has run into this as well and
solved it the same way. Looking at gssapi docs and source I do not see that we're doing
anything wrong here.

There's one minor additional change I found in my local branch switching from
(gss_OID)gss_nt_service_name to the more modern GSS_C_NT_HOSTBASED_SERVICE
in gss_import_name(). I've opened a PR on github. (Below as well but the groupware will
likely corrupt it.)

The old style bled over from an MIT krb5 example I based my initial trials on. The removed
cast might require another discard_const() now. Since I can't reproduce it, I'd leave that up
to you.

Author: Michael Weiser <michael.weiser@atos.net>
Date:   Tue Oct 26 11:11:48 2021 +0200

    cifs.upcall: switch to RFC principal type naming

    Switch from old-style MIT krb5 gss_nt_service_name principal type
    constant name to the now preferred GSS_C_NT_HOSTBASED_SERVICE.

    Signed-off-by: Michael Weiser <michael.weiser@atos.net>

diff --git a/cifs.upcall.c b/cifs.upcall.c
index e9c7f5f..f11bfa6 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -794,7 +794,7 @@ cifs_gss_get_req(const char *host, DATA_BLOB *mechtoken, DATA_BLOB *sess_key)
        target_name_buf.length = service_name_len;

        maj_stat = gss_import_name(&min_stat, &target_name_buf,
-                       (gss_OID)gss_nt_service_name, &target_name);
+                       GSS_C_NT_HOSTBASED_SERVICE, &target_name);
        free(service_name);
        if (GSS_ERROR(maj_stat)) {
                cifs_gss_display_status("gss_import_name", maj_stat, min_stat);
-- 
Thanks
Michael

  parent reply	other threads:[~2021-10-26 10:08 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-16 10:01 cifs-utils, Linux cifs kernel client and gssproxy Weiser, Michael
2020-12-16 14:31 ` [gssproxy] " Simo Sorce
2020-12-16 22:43   ` Steve French
2020-12-17 13:39     ` Simo Sorce
2020-12-17 21:22       ` Steve French
2020-12-17 21:25         ` Steve French
2020-12-17 21:53           ` Simo Sorce
2020-12-17 21:49         ` Simo Sorce
2021-02-19 11:30       ` Shyam Prasad N
2021-02-19 17:35         ` Simo Sorce
2021-02-23 17:42           ` Jacob Shivers
2021-02-23 19:54             ` Simo Sorce
2021-03-05 21:29               ` Jacob Shivers
2021-03-05 22:19                 ` Simo Sorce
2021-04-13 23:53                   ` ronnie sahlberg
2021-09-24 17:09             ` Pavel Shilovsky
2021-09-25  7:28               ` ronnie sahlberg
2021-09-27  7:18               ` Weiser, Michael
2021-09-30 23:17                 ` Jacob Shivers
2021-10-21 23:23                   ` Pavel Shilovsky
     [not found]                     ` <CAGvGhF5rVU1WzLk=aE36n47P357UBOPbsjXE=B8J+feO3bVSSQ@mail.gmail.com>
     [not found]                       ` <CALe0_77Bv_+v9cdNd_AL5DgA2+EaXMtF_0+rUw6y46fhHq0M4A@mail.gmail.com>
     [not found]                         ` <CAKywueQU8P-XQsiy4x6B=0YjuwUmTzPVg--SY0sWzGuq6Oy_-w@mail.gmail.com>
2021-10-26 10:08                           ` Weiser, Michael [this message]
2021-10-26 15:05                           ` Jacob Shivers
2021-11-05  0:31                             ` Pavel Shilovsky
2021-01-07 11:04   ` [gssproxy] " Weiser, Michael
     [not found]     ` <2d5a7cf3b6e8e31db010f6a3d159109ca48ca998.camel@samba.org>
2021-01-07 13:45       ` Simo
2021-02-19 11:26     ` Shyam Prasad N
2021-02-19 14:10       ` Weiser, Michael
2021-02-19 17:34       ` Simo Sorce

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4edcf2fc7ee94b1a8898149bc997ea20@atos.net \
    --to=michael.weiser@atos.net \
    --cc=gss-proxy@lists.fedorahosted.org \
    --cc=jshivers@redhat.com \
    --cc=linux-cifs@vger.kernel.org \
    --cc=lsahlber@redhat.com \
    --cc=nspmangalore@gmail.com \
    --cc=piastryyy@gmail.com \
    --cc=samba-technical@lists.samba.org \
    --cc=simo@redhat.com \
    --cc=smfrench@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).