From: <andros@netapp.com>
To: <steved@redhat.com>
Cc: <linux-nfs@vger.kernel.org>, Andy Adamson <andros@netapp.com>
Subject: [PATCH 1/2] Use RPCSEC_GSS version 3
Date: Fri, 23 Dec 2016 11:09:26 -0500 [thread overview]
Message-ID: <1482509367-22381-2-git-send-email-andros@netapp.com> (raw)
In-Reply-To: <1482509367-22381-1-git-send-email-andros@netapp.com>
From: Andy Adamson <andros@netapp.com>
If that fails, fall back to version 1
Signed-off-by: Andy Adamson <andros@netapp.com>
---
autogen.sh | 0
src/auth_gss.c | 16 ++++++++++++----
tirpc/rpc/auth_gss.h | 10 ++++++++--
3 files changed, 20 insertions(+), 6 deletions(-)
mode change 100644 => 100755 autogen.sh
diff --git a/autogen.sh b/autogen.sh
old mode 100644
new mode 100755
diff --git a/src/auth_gss.c b/src/auth_gss.c
index cf96ada..5bb1685 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -156,9 +156,11 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
AUTH *auth, *save_auth;
struct rpc_gss_data *gd;
OM_uint32 min_stat = 0;
+ int vers=RPCSEC_GSS3_VERSION;
gss_log_debug("in authgss_create()");
+retry_gssv1:
memset(&rpc_createerr, 0, sizeof(rpc_createerr));
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
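Review bot: Jumping back to `retry_gssv1:` runs the `calloc` for `auth` a second time, and nothing visible releases what the failed version 3 attempt allocated. The `goto` in the third hunk also fires before `clnt->cl_auth = save_auth;`, so the second pass executes `save_auth = clnt->cl_auth;` with the failed handle still installed. The function then "restores" the client to that stale handle and the caller's original one is lost. Before `goto retry_gssv1;`, put `clnt->cl_auth = save_auth;` and tear down the failed `auth` through the same path the function's other error exits use. The body of authgss_create starts and ends outside this hunk, so any allocations between the label and the refresh call (presumably `gd`) need the same treatment.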
@@ -190,7 +192,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
gd->ctx = GSS_C_NO_CONTEXT;
gd->sec = *sec;
- gd->gc.gc_v = RPCSEC_GSS_VERSION;
+ gd->gc.gc_v = vers;
gd->gc.gc_proc = RPCSEC_GSS_INIT;
gd->gc.gc_svc = gd->sec.svc;
@@ -200,9 +202,14 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
save_auth = clnt->cl_auth;
clnt->cl_auth = auth;
- if (!authgss_refresh(auth, NULL))
- auth = NULL;
- else
+ fprintf(stderr, "authgss_create CALLING authgss_refresh\n");
+ if (!authgss_refresh(auth, NULL)) {
+ if (vers == RPCSEC_GSS3_VERSION) {
+ vers = RPCSEC_GSS_VERSION;
+ goto retry_gssv1;
+ } else
+ auth = NULL;
+ } else
auth_get(auth); /* Reference for caller */
clnt->cl_auth = save_auth;
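Review bot: The fallback under `if (vers == RPCSEC_GSS3_VERSION)` is taken on every `authgss_refresh` failure, so bad credentials, a transport error or a tampered reply all silently downgrade the context to version 1. The retry should be limited to the case where the server actually rejected the version, if `authgss_refresh` can report that. The downgrade should also be recorded, for example `gss_log_debug("RPCSEC_GSSv3 init failed, retrying with version 1");`. Separately, `fprintf(stderr, "authgss_create CALLING authgss_refresh\n");` looks like leftover debugging; a library should not write to its caller's stderr, so either drop it or use `gss_log_debug` as the top of the function does.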
@@ -263,6 +270,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
pd->pd_ctx = gd->ctx;
pd->pd_ctx_hndl = gd->gc.gc_ctx;
pd->pd_seq_win = gd->win;
+ pd->pd_gss_vers = gd->gc.gc_v;
/*
* We've given this away -- don't try to use it ourself any more
* Caller should call authgss_free_private_data to free data.
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a17b34b..b662ac5 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -45,17 +45,22 @@ typedef enum {
RPCSEC_GSS_DATA = 0,
RPCSEC_GSS_INIT = 1,
RPCSEC_GSS_CONTINUE_INIT = 2,
- RPCSEC_GSS_DESTROY = 3
+ RPCSEC_GSS_DESTROY = 3,
+ RPCSEC_GSS_BIND_CHANNEL = 4, /* GSSv2, not used */
+ RPCSEC_GSS_CREATE = 5, /* GSSv3 */
+ RPCSEC_GSS_LIST = 6 /* GSSv3 */
} rpc_gss_proc_t;
/* RPCSEC_GSS services. */
typedef enum {
RPCSEC_GSS_SVC_NONE = 1,
RPCSEC_GSS_SVC_INTEGRITY = 2,
- RPCSEC_GSS_SVC_PRIVACY = 3
+ RPCSEC_GSS_SVC_PRIVACY = 3,
+ RPC_GSS_SVC_CHANNEL_PROT = 4 /* GSS2, not used */
} rpc_gss_svc_t;
#define RPCSEC_GSS_VERSION 1
+#define RPCSEC_GSS3_VERSION 3
/* RPCSEC_GSS security triple. */
struct rpc_gss_sec {
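Review bot: `RPC_GSS_SVC_CHANNEL_PROT` breaks the `RPCSEC_GSS_SVC_` prefix used by every other member of `rpc_gss_svc_t`, and its comment says "GSS2" where the procedure enum says "GSSv2". I would rename it to `RPCSEC_GSS_SVC_CHANNEL_PROT` and write the comment as `/* GSSv2, not used */`. Since these enums are in an installed header, it is also worth confirming that code elsewhere that switches on `gc_proc` or `gc_svc` rejects the new, unimplemented values rather than falling through; that code is not visible in this patch.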
@@ -71,6 +76,7 @@ struct authgss_private_data {
gss_ctx_id_t pd_ctx; /* Session context handle */
gss_buffer_desc pd_ctx_hndl; /* Credentials context handle */
u_int pd_seq_win; /* Sequence window */
+ u_int pd_gss_vers; /* RPCSEC_GSS version */
};
#define g_OID_equal(o1, o2) \
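Review bot: Appending `pd_gss_vers` grows `struct authgss_private_data`, which the caller supplies by pointer to `authgss_get_private_data`. With the store added in the src/auth_gss.c hunk, `pd->pd_gss_vers = gd->gc.gc_v;`, a program built against the old header and run with the new library would have the library write past the end of its smaller struct. If this header is part of the installed API, the change needs a soname or symbol-version bump, or the version should be exposed through a new accessor instead of a new field. At minimum the ABI change should be stated in the commit message.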
--
1.8.3.1